rollup-plugin-server is vulnerable to a path traversal attack. The vulnerability exists due to a lack of proper handling of user-provided path parameters in the readFile operation performed inside the readFileFromContentBase function, allowing an attacker to access arbitrary system files using dot-dot-slash (../).
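The containment check that this class of bug is missing, as an added example: this is not rollup-plugin-server's code, and the function names `naiveResolve` and `safeResolve` and the sample paths are hypothetical.

```javascript
// Added example, not rollup-plugin-server's own code. All names are hypothetical.
const path = require('node:path');

// The pattern the advisory describes: the request path is joined to the
// content base as-is, so "../" segments walk out of the served directory.
function naiveResolve(contentBase, urlPath) {
  return path.join(contentBase, urlPath);
}

// Hardened form: decode once, resolve to an absolute path, then require that
// the result is still inside the content base. Returns null when rejected.
function safeResolve(contentBase, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL bytes never belong in a path

  const base = path.resolve(contentBase);
  // Prefixing "./" keeps a leading "/" in the URL from being treated as root.
  const target = path.resolve(base, '.' + path.sep + decoded);

  // Compare by relative path, not by string prefix: a prefix test would
  // accept a sibling such as "/srv/site/public-old" for base "/srv/site/public".
  const rel = path.relative(base, target);
  const escapes =
    rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return escapes ? null : target;
}
```

The check is lexical only; if the content base can contain symlinks, resolve the target with `fs.realpath` and repeat the comparison before reading the file.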
CPE | Name | Operator | Version |
---|---|---|---|
rollup-plugin-server | le | 0.7.0 | |