Directory traversal in mkdocs

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information...

GHSA-QH9Q-34H6-HCV9 Directory traversal in mkdocs

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information...

PYSEC-2021-878

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and https://github.com/nisdn/CVE-2021-40978/issues/1...

UBUNTU-CVE-2021-40978

DISPUTED The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and...

PYSEC-2021-878

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and https://github.com/nisdn/CVE-2021-40978/issues/1...

CVE-2021-40978

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and https://github.com/nisdn/CVE-2021-40978/issues/1...

CVE-2021-40978

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and https://github.com/nisdn/CVE-2021-40978/issues/1...

CVE-2021-40978

The CVE-2021-40978 issue affects MkDocs 1.2.2 with its built-in dev-server, where directory traversal is possible on port 8000, allowing remote disclosure of sensitive information. Some sources note vendor dispute and that exploitation requires unsafe use (e.g., public exposure). The Nuclei templ...

CVE-2021-40978

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and https://github.com/nisdn/CVE-2021-40978/issues/1...

PT-2021-23030 · Mkdocs +1 · Mkdocs +1

Name of the Vulnerable Software and Affected Versions: mkdocs version 1.2.2 Description: The mkdocs built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Recommendations: For mkdocs version 1.2.2, as a temporary workaroun...

Older releases of better_errors open to Cross-Site Request Forgery attack

Impact bettererrors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with...

GHSA-W3J4-76QW-WWJM Older releases of better_errors open to Cross-Site Request Forgery attack

Impact bettererrors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with...

Directory traversal in rollup-plugin-server

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...

GHSA-VR98-27QJ-3C8Q Directory traversal in rollup-plugin-server

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...

rollup-plugin-dev-server path traversal vulnerability

rollup-plugin-dev-server is a plugin summary package. A path traversal vulnerability exists in the readFile operation of the 'readFileFromContentBase' function in rollup-plugin-dev-server all versions, which stems from the program's failure to clean up paths, and can be exploited by an attacker t...

CVE-2020-7686

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...

Path traversal

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...

CVE-2020-7686

CVE-2020-7686 affects all versions of rollup-plugin-dev-server. The issue is a directory traversal vulnerability caused by lack of path sanitization in the readFile operation within the readFileFromContentBase function, enabling potential access to arbitrary files. Multiple sources (NVD, CVE list...

CVE-2020-7686 Directory Traversal

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +23497 more potentially affected by CVE-2018-14732 via webpack-dev-server (>=1.10.1 <=3.1.10)

webpack-dev-server NPM version =1.10.1, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0...