8 matches found
@mastra/deployer-netlify (>=0.0.0-a2a-20250421213654 <=0.10.5), @rr0/cms (>=0.3.23 <=0.3.29) +14 more potentially affected by CVE-2025-54387 via ipx (>=2.0.1 <=2.1.0)
ipx NPM version =2.0.1, =0.0.0-a2a-20250421213654, =0.3.23, =1.1.6, =4.0.0, =2.0.3, =0.0.23, =1.0.0, =1.0.2, =21.5.0, =17.4.0, =0.0.7, =0.0.13 - tmp-package-registry =1.0.0 and more Source cves: CVE-2025-54387 Source advisory: SNYK:JS-IPX-11483961...
@cssninja/nuxt-media-viewer (>=0.0.1 <=0.0.15), @enab/uipkg (>=0.0.2-beta.0 <=0.0.2-beta.23) +4 more potentially affected by CVE-2025-54387 via ipx (>=1.0.0-2 <=1.1.0)
ipx NPM version =1.0.0-2, =0.0.1, =0.0.2-beta.0, =0.1.0, =1.0.0-27821548.ab054e4, =0.0.3, =0.0.4-beta-6 Source cves: CVE-2025-54387 Source advisory: SNYK:JS-IPX-11483961...
CVE-2025-54387
IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path...
CVE-2025-54387 IPX is Vulnerable to Path Traversal via Prefix Matching Bypass
IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path...
@mastra/deployer-netlify (>=0.0.0-a2a-20250421213654 <=0.10.5), @rr0/cms (>=0.3.23 <=0.3.29) +14 more potentially affected by CVE-2025-54387 via ipx (>=2.0.1 <=2.1.0)
ipx NPM version =2.0.1, =0.0.0-a2a-20250421213654, =0.3.23, =1.1.6, =4.0.0, =2.0.3, =0.0.23, =1.0.0, =1.0.2, =21.5.0, =17.4.0, =0.0.7, =0.0.13 - tmp-package-registry =1.0.0 and more Source cves: CVE-2025-54387 Source advisory: OSV:GHSA-MM3P-J368-7JCR...
@brandboostinggmbh/image (=0.6.2), @cssninja/nuxt-media-viewer (>=0.0.1 <=0.0.15) +46 more potentially affected by CVE-2025-54387 via ipx (>=0.3.2 <=1.1.0)
ipx NPM version =0.3.2, =0.0.1, =1.0.0, =1.0.0-27100507.943fa27, =1.0.3, =1.0.3-27133259.82aaae0, =0.0.2-beta.0, =0.2.0, =14.9.23-prev, =0.6.3, =0.6.2, =1.0.0-beta.2, =1.0.0-beta.2, =1.0.18, =1.0.0-beta.4, =1.0.0-beta.12 and more Source cves: CVE-2025-54387 Source advisory: OSV:GHSA-MM3P-J368-7JC...
CVE-2025-54387
creationtimestamp| type| source ---|---|--- 2025-08-04 07:39:33+00:00| seen| https://bsky.app/profile/pi0.io/post/3lvkouos7n22t 2025-08-04 07:39:34+00:00| seen| https://bsky.app/profile/pi0.io/post/3lvkouosigc2t 2025-08-04 07:46:22+00:00| seen| https://bsky.app/profile/pi0.io/post/3lvkpauh5ik2t...
PT-2025-31806 · Ipx · Ipx
Name of the Vulnerable Software and Affected Versions: IPX versions 1.3.1 and below IPX versions 2.0.0-0 through 2.1.0 IPX versions 3.0.0 through 3.1.0 Description: IPX, an image optimizer powered by sharp and svgo, is susceptible to a path prefix bypass when verifying if a path is within allowed...