Description
Versions of the Gatsby framework prior to 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, which are exposed when running the Gatsby develop server (`gatsby develop`).
Recommendation
Update the gatsby package to the latest compatible version. Version details:

Affected version(s): **>= 5.0.0, <= 5.9.0** and **<= 4.25.6**

Patched version(s): **5.9.1** and **4.25.7**
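One way to check a project against the version ranges above, as an added example that is not part of the original advisory or of Gatsby's own code. It assumes an npm lockfile in the v2/v3 format (a `packages` map); the function names and the sample lockfile are constructed for illustration.

```javascript
// Affected ranges as listed in this advisory: <= 4.25.6, and 5.0.0 through 5.9.0.
const PATCHED = { 4: "4.25.7", 5: "5.9.1" };

// "5.9.0-next.2" -> [5, 9, 0]; pre-release/build tags are ignored (assumption:
// a pre-release of an affected version is treated as affected).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric three-part compare: negative, zero or positive.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function isAffectedGatsby(version) {
  const v = parseVersion(version);
  if (compare(v, [4, 25, 6]) <= 0) return true; // <= 4.25.6
  return compare(v, [5, 0, 0]) >= 0 && compare(v, [5, 9, 0]) <= 0; // 5.0.0 .. 5.9.0
}

// Walk the "packages" map of an npm lockfile (v2/v3) and report every installed
// copy of gatsby, including nested ones, that falls in an affected range.
function findAffectedGatsby(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/gatsby$/.test(path) || !meta.version) continue;
    if (!isAffectedGatsby(meta.version)) continue;
    const major = parseVersion(meta.version)[0];
    hits.push({ path, version: meta.version, upgradeTo: PATCHED[major >= 5 ? 5 : 4] });
  }
  return hits;
}

// Constructed sample lockfile fragment (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-site" },
    "node_modules/gatsby": { version: "5.9.0" },
    "node_modules/gatsby-plugin-image": { version: "3.9.0" },
    "packages/docs/node_modules/gatsby": { version: "4.25.7" },
    "packages/blog/node_modules/gatsby": { version: "4.24.1" },
  },
};

console.log(findAffectedGatsby(sampleLock));
```

In a real project, pass the parsed contents of `package-lock.json` to `findAffectedGatsby` in place of the sample object.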
References
Related Issues
- FUXA local file inclusion vulnerability - CVE-2023-31718
- jsPDF has Local File Inclusion/Path Traversal vulnerability - CVE-2025-68428
- FUXA vulnerable to Local File Inclusion - CVE-2023-31716
- Astro Development Server has Arbitrary Local File Read - CVE-2025-64757
Tags: npm, gatsby
Last updated on November 11, 2023