Lucene search
K

6 matches found

Node.js
Node.js
added 2021/05/18 1:57 a.m.72 views

Path traversal in rollup-plugin-serve

Overview Path traversal in rollup-plugin-serve before version 1.0.2. There is no path sanitization in readFile operation. Recommendation Upgrade to version 1.0.2 or later References - CVE - GitHub Advisory...

7.5CVSS3.3AI score0.01474EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2021/05/18 1:52 a.m.4 views

@appnest/web-config (>=0.1.0 <=0.1.35), @auth0/oidc-implicit-flow (>=0.0.1-alpha.1 <=0.0.1-alpha.4) +33 more potentially affected by CVE-2020-7684 via rollup-plugin-serve (>=0.1.0 <=1.0.1)

rollup-plugin-serve NPM version =0.1.0, =0.1.0, =0.0.1-alpha.1, =2.0.0, =1.0.2, =1.2.6, =0.0.1136, =0.2.0, =1.0.0-alpha.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.4 and more Source cves: CVE-2020-7684 Source advisory: OSV:GHSA-4J46-MP85-MV8C...

9.8CVSS7.2AI score0.01474EPSS
Exploits0
NVD
NVD
added 2020/07/17 8:15 a.m.27 views

CVE-2020-7684

This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...

9.8CVSS0.01474EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/07/17 7:25 a.m.30 views

CVE-2020-7684 Directory Traversal

This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...

7.5CVSS9.5AI score0.01474EPSS
Exploits0References1
CVE
CVE
added 2020/07/17 7:25 a.m.55 views

CVE-2020-7684

CVE-2020-7684 affects the npm package rollup-plugin-serve. The vulnerability is a path traversal in the readFile operation due to lack of path sanitization, allowing access to files outside the destination. Reported impact includes information disclosure and potential file access; exploitation de...

9.8CVSS8.6AI score0.01474EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2020/06/20 12:38 p.m.6 views

node-wakeup (=0.1.0) potentially affected by CVE-2020-7684 via rollup-plugin-serve-favicon (=0.4.7)

rollup-plugin-serve-favicon NPM version =0.4.7 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-serve-favicon and may be impacted: - node-wakeup =0.1.0 Source cves: CVE-2020-7684 Source advisory: SNYK:JS-ROLLUPPLUGINSERVEFAVICON-585950...

9.8CVSS7.2AI score0.01474EPSS
Exploits0
Rows per page
Query Builder