10secondsofcode-custom (=1.0.0), 1kohei1 (>=1.0.0 <=1.0.1) +944 more potentially affected by CVE-2023-30548 via gatsby-plugin-sharp (>=1.6.41 <=4.25.0)

gatsby-plugin-sharp NPM version =1.6.41, =1.0.0, =1.0.1, =1.0.0, =0.1.13, =0.48.0, =1.0.0, =1.0.0, =1.0.10, =3.0.0, =4.7.5 - @adobe/gatsby-theme-commerce =0.0.2 and more Source cves: CVE-2023-30548 Source advisory: OSV:GHSA-H2PM-378C-PCXX...

CVE-2023-30548

creationtimestamp| type| source ---|---|--- 2023-04-18 00:28:41+00:00| seen| https://t.me/cibsecurity/62308...

CVE-2023-30548

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

CVE-2023-30548 Path traversal vulnerability in gatsby-plugin-sharp

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

CVE-2023-30548

The CVE-2023-30548 issue affects gatsby-plugin-sharp prior to versions 5.8.1 and 4.25.1, introducing a path traversal vulnerability when running the Gatsby develop server. By default, develop is bound to localhost, but if exposed (e.g., via --host 0.0.0.0, -H 0.0.0.0, or GATSBY_HOST=0.0.0.0), an ...