rollup-plugin-serve is vulnerable to path traversal. The readFile operation does not escape the urlPath
, allowing an attacker to input malicious characters to access files and directories that are outside the destination folder.
CPE | Name | Operator | Version |
---|---|---|---|
rollup-plugin-serve | le | 1.0.1 | |
rollup-plugin-serve | le | 1.0.1 |