12 matches found
EUVD-2021-0942
Malware in sbrugna...
Path traversal in rollup-plugin-serve
Overview: Path traversal in rollup-plugin-serve before version 1.0.2. There is no path sanitization in readFile operation. Recommendation: Upgrade to version 1.0.2 or later. References: CVE, GitHub Advisory...
Path traversal in rollup-plugin-serve
Path traversal in npm package rollup-plugin-serve before version 1.0.2. There is no path sanitization in readFile operation...
@appnest/web-config (>=0.1.0 <=0.1.35), @auth0/oidc-implicit-flow (>=0.0.1-alpha.1 <=0.0.1-alpha.4) +33 more potentially affected by CVE-2020-7684 via rollup-plugin-serve (>=0.1.0 <=1.0.1)
rollup-plugin-serve NPM version =0.1.0, =0.1.0, =0.0.1-alpha.1, =2.0.0, =1.0.2, =1.2.6, =0.0.1136, =0.2.0, =1.0.0-alpha.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.4 and more Source cves: CVE-2020-7684 Source advisory: OSV:GHSA-4J46-MP85-MV8C...
GHSA-4J46-MP85-MV8C Path traversal in rollup-plugin-serve
Path traversal in npm package rollup-plugin-serve before version 1.0.2. There is no path sanitization in readFile operation...
rollup-plugin-serve path traversal vulnerability
rollup-plugin-serve is a module bundler package for JavaScript. A security vulnerability exists in the readFile operation of the 'readFileFromContentBase' function in rollup-plugin-serve, which stems from the program's failure to sanitize paths. No details of the vulnerability are available at...
rollup-plugin-serve path traversal vulnerability
rollup-plugin-serve is a module bundler package for JavaScript. A path traversal vulnerability exists in rollup-plugin-serve, which stems from a failure to sanitize the path when the program performs a readFile operation. No details of the vulnerability are available at this time...
CVE-2020-7684
This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...
CVE-2020-7684 Directory Traversal
This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...
CVE-2020-7684
CVE-2020-7684 affects the npm package rollup-plugin-serve. The vulnerability is a path traversal in the readFile operation due to lack of path sanitization, allowing access to files outside the destination. Reported impact includes information disclosure and potential file access; exploitation de...
Directory Traversal
Overview: rollup-plugin-serve is a rollup plugin to serve the bundle. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in readFile operation. PoC by JHU System Security Lab. Step 1: start a server: var server = require("rollup-plugin-serve"); serve...
@ahone/svg2canvas (>=0.0.1 <=0.0.7), @aliyun-sls/sls-app-loader (>=0.0.12 <=0.0.18) +358 more potentially affected by CVE-2020-7684 via rollup-plugin-serve (>=0.1.0 <=3.0.0)
rollup-plugin-serve NPM version =0.1.0, =0.0.1, =0.0.12, =0.1.0, =0.0.1-alpha.1, =0.0.2, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =7.0.1, =7.0.1, =13.0.0 and more Source cves: CVE-2020-7684 Source advisory: SNYK:JS-ROLLUPPLUGINSERVE-585897...