Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2020/07/29 6:7 p.m.4 views

@ahone/svg2canvas (>=0.0.1 <=0.0.7), @lx-frontend/svg2canvas (=0.0.1) +2 more potentially affected by CVE-2020-7683 via rollup-plugin-server (=0.7.0)

rollup-plugin-server NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-server and may be impacted: - @ahone/svg2canvas =0.0.1, =9.1.0, =9.1.2 Source cves: CVE-2020-7683 Source advisory: OSV:GHSA-34GH-3CWV-WVP2...

7.5CVSS7.1AI score0.01768EPSS
Exploits1
CVE
CVE
added 2020/07/25 8:35 a.m.47 views

CVE-2020-7683

CVE-2020-7683 affects all versions of rollup-plugin-server. The vulnerability is a path traversal in the readFile operation inside readFileFromContentBase due to lack of path sanitization. Exploitation could expose arbitrary files via dot-dot-slash sequences (as demonstrated by public PoCs). Ther...

7.5CVSS7.5AI score0.01768EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/07/25 8:35 a.m.27 views

CVE-2020-7683 Directory Traversal

This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...

7.5CVSS7.5AI score0.01768EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2020/06/20 12:38 p.m.5 views

@ahone/svg2canvas (>=0.0.1 <=0.0.7), @lx-frontend/svg2canvas (=0.0.1) +2 more potentially affected by CVE-2020-7683 via rollup-plugin-server (=0.7.0)

rollup-plugin-server NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-server and may be impacted: - @ahone/svg2canvas =0.0.1, =9.1.0, =9.1.2 Source cves: CVE-2020-7683 Source advisory: SNYK:JS-ROLLUPPLUGINSERVER-590123...

7.5CVSS7.1AI score0.01768EPSS
Exploits1
Rows per page
Query Builder