Lucene search
K

6 matches found

OSV
OSV
added 2026/05/12 10:16 p.m.5 views

DEBIAN-CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/12 10:16 p.m.12 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS5.8AI score0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 9:37 p.m.7 views

CVE-2026-44301 Hugo: Node tool execution allows file system access outside the project directory

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS5.8AI score0.00274EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/12 9:37 p.m.9 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS5.8AI score0.00274EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/06 8:59 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the execution of Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS. An attacker can gain unauthorized access to files outside the intended project directory by executing code through these tools wh...

8.6CVSS6.3AI score0.00274EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 8:59 p.m.10 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the execution of Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS. An attacker can gain unauthorized access to files outside the intended project directory by executing code through these tools wh...

8.6CVSS6.3AI score0.00274EPSS
Exploits0References2
Rows per page
Query Builder