Description
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 12.2.0
References
Related Issues
- Double spend in snarkjs - CVE-2023-33252
- SSRF & Credentials Leak - CVE-2023-49799
- HTML Injection in preact - Vulnerability
- No CSRF Validation in droppy - CVE-2016-10529
- Tags:
- npm
- droppy
Anything's wrong? Let us know Last updated on February 01, 2023