@easy-team/easywebpack-cli is vulnerable to directory traversal. The vulnerability exists in the downloadTemplate
function in template.js
due to a lack of hiding the file mode which allows an attacker to obtain sensitive information via malicious GET request.
CPE | Name | Operator | Version |
---|---|---|---|
@easy-team/easywebpack-cli | le | 4.5.1 | |
@easy-team/easywebpack-cli | le | 4.5.1 |