10 matches found
EUVD-2020-0530
Malware in sbrugna...
@ahone/svg2canvas (>=0.0.1 <=0.0.7), @lx-frontend/svg2canvas (=0.0.1) +2 more potentially affected by CVE-2020-7683 via rollup-plugin-server (=0.7.0)
rollup-plugin-server NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-server and may be impacted: - @ahone/svg2canvas =0.0.1, =9.1.0, =9.1.2 Source cves: CVE-2020-7683 Source advisory: OSV:GHSA-34GH-3CWV-WVP2...
GHSA-34GH-3CWV-WVP2 Directory traversal in rollup-plugin-server
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...
Directory traversal in rollup-plugin-server
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...
Path Traversal
rollup-plugin-server is vulnerable to a path traversal attack. The vulnerability exists due to a lack of proper handling of user-provided path parameters in the readFile operation performed inside the readFileFromContentBase function, allowing an attacker to access arbitrary system files using...
CVE-2020-7683
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...
Path traversal
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...
CVE-2020-7683 Directory Traversal
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...
@ahone/svg2canvas (>=0.0.1 <=0.0.7), @lx-frontend/svg2canvas (=0.0.1) +2 more potentially affected by CVE-2020-7683 via rollup-plugin-server (=0.7.0)
rollup-plugin-server NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-server and may be impacted: - @ahone/svg2canvas =0.0.1, =9.1.0, =9.1.2 Source cves: CVE-2020-7683 Source advisory: SNYK:JS-ROLLUPPLUGINSERVER-590123...
Directory Traversal
Overview: rollup-plugin-server is a rollup plugin to serve the bundle. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function. PoC by JHU System Security Lab: 1. Create a serv...