Description
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 12.2.0
References
Related Issues
- MJML vulnerable to path traversal - CVE-2020-12827
- Path traversal in rollup-plugin-serve - CVE-2020-7684
- i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters - CVE-2026-41690
- Path traversal vulnerability in gatsby-plugin-sharp - CVE-2023-30548
You might also like:
- Tags:
- npm
- droppy
Anything's wrong? Let us know Last updated on February 01, 2023


