2 matches found
CVE-2026-44373
Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a proxy route rule by sending percent-encoded path traversal ..%2f in the URL, causing Nitro to forward a request that the upstream resolved outside the configured scope. This vulnerability is fixed in...
Directory Traversal
Overview org.webjars.npm:nitropack is a Build and Deploy Universal JavaScript Servers Affected versions of this package are vulnerable to Directory Traversal via the routeRules function. An attacker can access files or endpoints outside the intended proxy scope by sending specially crafted URLs...