Design/Logic Flaw

A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user typically a developer manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2...

CVE-2022-0343

CVE-2022-0343 affects Perfetto Dev scripts. A local attacker who can run the dev server (./tools/run-dev-server) may trigger HTTP requests to 127.0.0.1:10000, enabling a local privilege/escalation scenario. The issue is tied to the dev-server workflow rather than a remote vector. Remediation: upg...

Google perfetto 安全漏洞

Google perfetto is a Google Inc. program for collecting performance information on Android devices via the Android Debug Bridge ADB. Google perfetto suffers from a security vulnerability that originates when a user usually a developer manually invokes the . /tools/run-dev-server script can send...

Directory traversal in mkdocs

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information...

GHSA-QH9Q-34H6-HCV9 Directory traversal in mkdocs

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information...

PYSEC-2021-878

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and https://github.com/nisdn/CVE-2021-40978/issues/1...

PYSEC-2021-878

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and https://github.com/nisdn/CVE-2021-40978/issues/1...

UBUNTU-CVE-2021-40978

DISPUTED The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and...

CVE-2021-40978

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and https://github.com/nisdn/CVE-2021-40978/issues/1...

CVE-2021-40978

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and https://github.com/nisdn/CVE-2021-40978/issues/1...

CVE-2021-40978

The CVE-2021-40978 issue affects MkDocs 1.2.2 with its built-in dev-server, where directory traversal is possible on port 8000, allowing remote disclosure of sensitive information. Some sources note vendor dispute and that exploitation requires unsafe use (e.g., public exposure). The Nuclei templ...

CVE-2021-40978

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and https://github.com/nisdn/CVE-2021-40978/issues/1...

PT-2021-23030 · Mkdocs +1 · Mkdocs +1

Name of the Vulnerable Software and Affected Versions: mkdocs version 1.2.2 Description: The mkdocs built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Recommendations: For mkdocs version 1.2.2, as a temporary workaroun...

GHSA-W3J4-76QW-WWJM Older releases of better_errors open to Cross-Site Request Forgery attack

Impact bettererrors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with...

Older releases of better_errors open to Cross-Site Request Forgery attack

Impact bettererrors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with...

GHSA-VR98-27QJ-3C8Q Directory traversal in rollup-plugin-server

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...

Directory traversal in rollup-plugin-server

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...

rollup-plugin-dev-server path traversal vulnerability

rollup-plugin-dev-server is a plugin summary package. A path traversal vulnerability exists in the readFile operation of the 'readFileFromContentBase' function in rollup-plugin-dev-server all versions, which stems from the program's failure to clean up paths, and can be exploited by an attacker t...

CVE-2020-7686

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...

Path traversal

This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...