4 matches found
@etalab/cadastre (>=0.14.0 <=0.21.0), @fmidev/smartmet-alert-client (>=3.0.0 <=3.8.8) +14 more potentially affected by CVE-2024-1163 via mapshaper (>=0.3.43 <=0.6.42)
mapshaper NPM version =0.3.43, =0.14.0, =3.0.0, =0.0.1, =0.1.9, =0.1.0, =0.0.1, =0.0.3, =2.1.0, =1.3.1, =0.0.1, =0.0.1, =0.1.0 - tile-maker =0.0.1 and more Source cves: CVE-2024-1163 Source advisory: OSV:GHSA-8M36-62RW-9MXW...
CVE-2024-1163 Path traversal vulnerability in mapshaper
The attacker may exploit a path traversal vulnerability leading to information disclosure...
CVE-2024-1163
CVE-2024-1163 maps to a path traversal vulnerability in mapshaper (mbloch/mapshaper) prior to version 0.6.44. The root cause is unsanitized/unsafe handling of the request URL path, enabling an attacker to read arbitrary files on the system with the user’s privileges. Public sources in the connect...
CVE-2024-1163 Path traversal vulnerability in mapshaper
The attacker may exploit a path traversal vulnerability leading to information disclosure...