11 matches found
CVE-2026-35613
coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWithbaseDir on a normalized path, which...
coursevault-preview has a path traversal due to improper base-directory boundary validation
Summary coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWithbaseDir on a normalized path, which does not enforce a directory boundary. An attacker who controls the relativePath argument t...
Directory Traversal
Overview coursevault-preview is a Preview course material files from a configured directory Affected versions of this package are vulnerable to Directory Traversal via improper validation in the resolveSafe utility. An attacker can access files outside the intended directory by supplying crafted...
GHSA-9H9M-RR67-9JPG coursevault-preview has a path traversal due to improper base-directory boundary validation
Summary coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWithbaseDir on a normalized path, which does not enforce a directory boundary. An attacker who controls the relativePath argument t...
CVE-2026-35613
coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWithbaseDir on a normalized path, which...
CVE-2026-35613
coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWithbaseDir on a normalized path, which...
CVE-2026-35613
CVE-2026-35613 affects coursevault-preview prior to 0.1.1. The issue arises from a boundary check that uses String.prototype.startsWith(baseDir) on a normalized path, which does not enforce a directory boundary, permitting a path traversal via a client-controlled relativePath. An attacker could r...
CVE-2026-35613 Path traversal in coursevault-preview due to improper base-directory boundary validation
coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWithbaseDir on a normalized path, which...
CVE-2026-35613 Path traversal in coursevault-preview due to improper base-directory boundary validation
coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWithbaseDir on a normalized path, which...
PT-2026-30911
Name of the Vulnerable Software and Affected Versions coursevault-preview versions prior to 0.1.1 Description coursevault-preview is a utility for previewing course material files from a configured directory. The software contains a path traversal issue in the resolveSafe utility. The boundary...
coursevault-preview 路径遍历漏洞
CourseVault-Preview is a course material preview tool developed by Moritz André Myrseth. Versions of CourseVault-Preview prior to 0.1.1 contained a path traversal vulnerability. This vulnerability stemmed from the use of String.prototype.startsWith in the resolveSafe utility; no directory...