lite-dev-server is vulnerable to path traversal. The vulnerability exists in server.js
because it aims to access files and directories that are stored outside the intended folder. By manipulating files with dot-dot-slash (../)
sequences and its variations it may be possible to access arbitrary files and directories stored on the file system.
CPE | Name | Operator | Version |
---|---|---|---|
lite-dev-server | le | 3.2.7 | |
lite-dev-server | le | 3.2.7 |