EUVD-2022-7708

Malicious code in bioql PyPI...

Path Traversal

lite-dev-server is vulnerable to path traversal. The vulnerability exists in server.js because it aims to access files and directories that are stored outside the intended folder. By manipulating files with dot-dot-slash ../ sequences and its variations it may be possible to access arbitrary file...

CVE-2022-25895 Directory Traversal

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

CVE-2022-25895

CVE-2022-25895 affects lite-dev-server. All versions are vulnerable to Directory Traversal due to missing input sanitization and sandboxing of the req.url input passed to the server code. The root cause is that the server reads and uses user-supplied URLs without proper normalization, enabling ac...

CVE-2022-25895 Directory Traversal

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

lite-dev-server vulnerable to Directory Traversal

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

GHSA-PPPV-CH8P-RP2W lite-dev-server vulnerable to Directory Traversal

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

node-sass-with-bindings (>=4.5.5 <=4.5.6) potentially affected by CVE-2022-25895 via lite-dev-server (=3.2.7)

lite-dev-server NPM version =3.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on lite-dev-server and may be impacted: - node-sass-with-bindings =4.5.5, =4.5.6 Source cves: CVE-2022-25895 Source advisory: OSV:GHSA-PPPV-CH8P-RP2W...

CVE-2022-25895

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

lite-dev-server 路径遍历漏洞

lite-dev-server is an http file server for development by the individual developer Gavrilov Rusla. A security vulnerability exists in lite-dev-server that stems from a lack of input cleanup and a directory traversal vulnerability...

node-sass-with-bindings (>=4.5.5 <=4.5.6) potentially affected by CVE-2022-25895 via lite-dev-server (=3.2.7)

lite-dev-server NPM version =3.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on lite-dev-server and may be impacted: - node-sass-with-bindings =4.5.5, =4.5.6 Source cves: CVE-2022-25895 Source advisory: SNYK:JS-LITEDEVSERVER-3153718...