5 matches found
@ableaura/ableui (=0.1.0), @adobe/aio-cli-plugin-doc (=2.1.0) +867 more potentially affected by CVE-2023-34238 via gatsby (>=5.13.7 <=5.8.1)
gatsby NPM version =5.13.7, =2.4.6, =2.4.6, =2.2.27, =0.0.1, =2.0.0, =11.0.1, =1.0.0, =1.0.0, =7.0.0, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2023-34238 Source advisory: OSV:GHSA-C6F8-8R25-C4GC...
CVE-2023-34238 Local File Inclusion vulnerability in Gatsby
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the file-code-frame and original-stack-frame paths, exposed when running the Gatsby develop server gatsby develop. Any file in scope o...
gatsby 路径遍历漏洞
gatsby is a software application. A free open source framework based on React that helps developers build extremely fast websites and applications. A path traversal vulnerability exists in Gatsby versions prior to 4.25.7 and prior to 5.9.1, which stems from a local file inclusion vulnerability in...
gatsby 跨站脚本漏洞
gatsby is a software application. A free open source framework based on React that helps developers build extremely fast websites and applications. A cross-site scripting vulnerability exists in gatsby versions prior to 5.25.1 and 6.x prior to 6.3.2, which stems from a lack of cleanup of inputs a...
Information Disclosure
gatsby is vulnerable to information disclosure. Absolute paths of the build machine can be leaked in the source map files when gatsby build scripts are executed, exposing sensitive information such as the current user name...