9 matches found

OSV
added 5 days ago, 69 views

GHSA-G7R4-M6W7-QQQR esbuild allows arbitrary file read when running the development server on Windows

Summary The development server contains a path traversal vulnerability on Windows when serving files from servedir. Due to the use of path.Clean which only normalizes forward-slash / separators instead of a Windows-aware path normalization function, it is possible to craft requests using...

2.5 CVSS, 5.6 AI score
Exploits: 0, References: 3
Github Security Blog
added 5 days ago, 61 views

esbuild allows arbitrary file read when running the development server on Windows

Summary The development server contains a path traversal vulnerability on Windows when serving files from servedir. Due to the use of path.Clean which only normalizes forward-slash / separators instead of a Windows-aware path normalization function, it is possible to craft requests using...

5.6 AI score
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-46053

Malicious code in bioql PyPI...

5.1 CVSS, 6.6 AI score, 0.00576 EPSS
Exploits: 0, References: 3
Cvelist
added 2024/11/22 3:37 p.m., 24 views

CVE-2024-52793 XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems

The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...

5.1 CVSS, 0.00576 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2024/11/22 3:37 p.m., 21 views

CVE-2024-52793 XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems

The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...

5.1 CVSS, 6.2 AI score, 0.00576 EPSS
Exploits: 0, References: 3
OSV
added 2024/11/22 3:37 p.m., 4 views

CVE-2024-52793 XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems

The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, http/file-server's serveDir with showDirListing: true option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names...

5.1 CVSS, 6.2 AI score, 0.00576 EPSS
Exploits: 0, References: 5
OSV
added 2022/08/11 3:36 p.m., 12 views

GHSA-QRQQ-9C63-XFRG tower-http's improper validation of Windows paths could lead to directory traversal attack

tower_http::services::fs::ServeDir didn't correctly validate Windows paths, meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. This only...

7 AI score
Exploits: 0, References: 3
Veracode
added 2018/03/20 5:18 a.m., 5 views

Directory Traversal

secure-servedir is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...

6.7 AI score
Exploits: 0
Veracode
added 2018/03/20 5:16 a.m., 7 views

Directory Traversal

servedir is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...

6.7 AI score
Exploits: 0