3 matches found
CVE-2026-27606
Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...
CVE-2026-27606 Rollup 4 has Arbitrary File Write via Path Traversal
Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...
0.2-ui (=0.0.1), 0xgank-tea-advice-pull (=1.0.0) +15791 more potentially affected by CVE-2024-47068 via rollup (>=0.10.0 <=2.79.1)
rollup NPM version =0.10.0, =2.79.1 is affected by a known vulnerability. The following packages have a transitive dependency on rollup and may be impacted: - 0.2-ui =0.0.1 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory...