Lucene search
+L

269 matches found

NVD
NVD
added 2020/07/17 8:15 a.m.27 views

CVE-2020-7684

This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...

9.8CVSS0.01474EPSS
Exploits0References2
CVE
CVE
added 2020/07/17 7:25 a.m.57 views

CVE-2020-7684

CVE-2020-7684 affects the npm package rollup-plugin-serve. The vulnerability is a path traversal in the readFile operation due to lack of path sanitization, allowing access to files outside the destination. Reported impact includes information disclosure and potential file access; exploitation de...

9.8CVSS8.6AI score0.01474EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/17 7:25 a.m.31 views

CVE-2020-7684 Directory Traversal

This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...

7.5CVSS9.5AI score0.01474EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2020/06/20 12:38 p.m.6 views

node-wakeup (=0.1.0) potentially affected by CVE-2020-7684 via rollup-plugin-serve-favicon (=0.4.7)

rollup-plugin-serve-favicon NPM version =0.4.7 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-serve-favicon and may be impacted: - node-wakeup =0.1.0 Source cves: CVE-2020-7684 Source advisory: SNYK:JS-ROLLUPPLUGINSERVEFAVICON-585950...

9.8CVSS7.2AI score0.01474EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/06/20 12:38 p.m.5 views

@ahone/svg2canvas (>=0.0.1 <=0.0.7), @aliyun-sls/sls-app-loader (>=0.0.12 <=0.0.18) +357 more potentially affected by CVE-2020-7684 via rollup-plugin-serve (>=0.1.0 <=3.0.0)

rollup-plugin-serve NPM version =0.1.0, =0.0.1, =0.0.12, =0.1.0, =0.0.1-alpha.1, =0.0.2, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =7.0.1, =7.0.1, =13.0.0 and more Source cves: CVE-2020-7684 Source advisory: SNYK:JS-ROLLUPPLUGINSERVE-585897...

9.8CVSS7.2AI score0.01474EPSS
Exploits0
Snyk
Snyk
added 2020/06/20 12:38 p.m.8 views

Directory Traversal

Overview rollup-plugin-serve-favicon is a rollup plugin to serve bundles. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in readFile operation. PoC by JHU System Security Lab Step 1: start a server var server = require"rollup-plugin-serve";...

9.8CVSS7.5AI score0.01474EPSS
Exploits0References2
Snyk
Snyk
added 2020/06/20 12:38 p.m.6 views

Directory Traversal

Overview rollup-plugin-serve is a rollup plugin to serve the bundle. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in readFile operation. PoC by JHU System Security Lab Step 1: start a server var server = require"rollup-plugin-serve"; serve...

9.8CVSS7.5AI score0.01474EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2020/06/20 12:38 p.m.5 views

@ahone/svg2canvas (>=0.0.1 <=0.0.7), @lx-frontend/svg2canvas (=0.0.1) +2 more potentially affected by CVE-2020-7683 via rollup-plugin-server (=0.7.0)

rollup-plugin-server NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-server and may be impacted: - @ahone/svg2canvas =0.0.1, =9.1.0, =9.1.2 Source cves: CVE-2020-7683 Source advisory: SNYK:JS-ROLLUPPLUGINSERVER-590123...

7.5CVSS7.1AI score0.01768EPSS
Exploits1
Snyk
Snyk
added 2020/06/20 12:38 p.m.6 views

Directory Traversal

Overview rollup-plugin-server is a rollup plugin to serve the bundle. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function. PoC by JHU System Security Lab 1. Create a serv...

7.5CVSS7.5AI score0.01768EPSS
Exploits1References2
Rows per page
Query Builder