6 matches found
Path traversal in rollup-plugin-serve
Overview Path traversal in rollup-plugin-serve before version 1.0.2. There is no path sanitization in readFile operation. Recommendation Upgrade to version 1.0.2 or later References - CVE - GitHub Advisory...
@appnest/web-config (>=0.1.0 <=0.1.35), @auth0/oidc-implicit-flow (>=0.0.1-alpha.1 <=0.0.1-alpha.4) +33 more potentially affected by CVE-2020-7684 via rollup-plugin-serve (>=0.1.0 <=1.0.1)
rollup-plugin-serve NPM version =0.1.0, =0.1.0, =0.0.1-alpha.1, =2.0.0, =1.0.2, =1.2.6, =0.0.1136, =0.2.0, =1.0.0-alpha.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.4 and more Source cves: CVE-2020-7684 Source advisory: OSV:GHSA-4J46-MP85-MV8C...
CVE-2020-7684
This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...
CVE-2020-7684 Directory Traversal
This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...
CVE-2020-7684
CVE-2020-7684 affects the npm package rollup-plugin-serve. The vulnerability is a path traversal in the readFile operation due to lack of path sanitization, allowing access to files outside the destination. Reported impact includes information disclosure and potential file access; exploitation de...
node-wakeup (=0.1.0) potentially affected by CVE-2020-7684 via rollup-plugin-serve-favicon (=0.4.7)
rollup-plugin-serve-favicon NPM version =0.4.7 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-serve-favicon and may be impacted: - node-wakeup =0.1.0 Source cves: CVE-2020-7684 Source advisory: SNYK:JS-ROLLUPPLUGINSERVEFAVICON-585950...