269 matches found
CVE-2020-7684
This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...
CVE-2020-7684
CVE-2020-7684 affects the npm package rollup-plugin-serve. The vulnerability is a path traversal in the readFile operation due to lack of path sanitization, allowing access to files outside the destination. Reported impact includes information disclosure and potential file access; exploitation de...
CVE-2020-7684 Directory Traversal
This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...
node-wakeup (=0.1.0) potentially affected by CVE-2020-7684 via rollup-plugin-serve-favicon (=0.4.7)
rollup-plugin-serve-favicon NPM version =0.4.7 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-serve-favicon and may be impacted: - node-wakeup =0.1.0 Source cves: CVE-2020-7684 Source advisory: SNYK:JS-ROLLUPPLUGINSERVEFAVICON-585950...
@ahone/svg2canvas (>=0.0.1 <=0.0.7), @aliyun-sls/sls-app-loader (>=0.0.12 <=0.0.18) +357 more potentially affected by CVE-2020-7684 via rollup-plugin-serve (>=0.1.0 <=3.0.0)
rollup-plugin-serve NPM version =0.1.0, =0.0.1, =0.0.12, =0.1.0, =0.0.1-alpha.1, =0.0.2, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =7.0.1, =7.0.1, =13.0.0 and more Source cves: CVE-2020-7684 Source advisory: SNYK:JS-ROLLUPPLUGINSERVE-585897...
Directory Traversal
Overview rollup-plugin-serve-favicon is a rollup plugin to serve bundles. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in readFile operation. PoC by JHU System Security Lab Step 1: start a server var server = require"rollup-plugin-serve";...
Directory Traversal
Overview rollup-plugin-serve is a rollup plugin to serve the bundle. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in readFile operation. PoC by JHU System Security Lab Step 1: start a server var server = require"rollup-plugin-serve"; serve...
@ahone/svg2canvas (>=0.0.1 <=0.0.7), @lx-frontend/svg2canvas (=0.0.1) +2 more potentially affected by CVE-2020-7683 via rollup-plugin-server (=0.7.0)
rollup-plugin-server NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-server and may be impacted: - @ahone/svg2canvas =0.0.1, =9.1.0, =9.1.2 Source cves: CVE-2020-7683 Source advisory: SNYK:JS-ROLLUPPLUGINSERVER-590123...
Directory Traversal
Overview rollup-plugin-server is a rollup plugin to serve the bundle. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function. PoC by JHU System Security Lab 1. Create a serv...