4 matches found
@ahone/svg2canvas (>=0.0.1 <=0.0.7), @lx-frontend/svg2canvas (=0.0.1) +2 more potentially affected by CVE-2020-7683 via rollup-plugin-server (=0.7.0)
rollup-plugin-server NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-server and may be impacted: - @ahone/svg2canvas =0.0.1, =9.1.0, =9.1.2 Source cves: CVE-2020-7683 Source advisory: OSV:GHSA-34GH-3CWV-WVP2...
CVE-2020-7683
CVE-2020-7683 affects all versions of rollup-plugin-server. The vulnerability is a path traversal in the readFile operation inside readFileFromContentBase due to lack of path sanitization. Exploitation could expose arbitrary files via dot-dot-slash sequences (as demonstrated by public PoCs). Ther...
CVE-2020-7683 Directory Traversal
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...
@ahone/svg2canvas (>=0.0.1 <=0.0.7), @lx-frontend/svg2canvas (=0.0.1) +2 more potentially affected by CVE-2020-7683 via rollup-plugin-server (=0.7.0)
rollup-plugin-server NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-server and may be impacted: - @ahone/svg2canvas =0.0.1, =9.1.0, =9.1.2 Source cves: CVE-2020-7683 Source advisory: SNYK:JS-ROLLUPPLUGINSERVER-590123...