5 matches found
rollup-plugin-serve path traversal vulnerability
rollup-plugin-serve is a module bundler package for JavaScript. A security vulnerability exists in the readFile operation of the 'readFileFromContentBase' function in rollup-plugin-server, which stems from the program's failure to clean up paths. No details of the vulnerability are available at...
GHSA-VR98-27QJ-3C8Q Directory traversal in rollup-plugin-server
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...
rollup-plugin-dev-server path traversal vulnerability
rollup-plugin-dev-server is a plugin summary package. A path traversal vulnerability exists in the readFile operation of the 'readFileFromContentBase' function in rollup-plugin-dev-server all versions, which stems from the program's failure to clean up paths, and can be exploited by an attacker t...
CVE-2020-7686
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...
Directory Traversal
Overview rollup-plugin-dev-server is a server for serving rolled up bundles like webpack-dev-server. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in readFile operation inside the readFileFromContentBase function. PoC by JHU System Security...