2 matches found
CVE-2026-44301
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
Directory Traversal
Overview @google/clasp is a Develop Apps Script Projects locally Affected versions of this package are vulnerable to Directory Traversal in the fetchRemote function in files.ts. An attacker can overwrite files outside the intended project directory via pull and clone commands. Details A Directory...