3 matches found
@ahone/svg2canvas (>=0.0.1 <=0.0.7), @lx-frontend/svg2canvas (=0.0.1) +2 more potentially affected by CVE-2020-7686 via rollup-plugin-server (=0.7.0)
rollup-plugin-server NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-server and may be impacted: - @ahone/svg2canvas =0.0.1, =9.1.0, =9.1.2 Source cves: CVE-2020-7686 Source advisory: OSV:GHSA-VR98-27QJ-3C8Q...
CVE-2020-7686
CVE-2020-7686 affects all versions of rollup-plugin-dev-server. The issue is a directory traversal vulnerability caused by lack of path sanitization in the readFile operation within the readFileFromContentBase function, enabling potential access to arbitrary files. Multiple sources (NVD, CVE list...
CVE-2020-7686 Directory Traversal
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...