Description
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 12.2.0
References
Related Issues
- Path traversal in rollup-plugin-serve - CVE-2020-7684
- MJML vulnerable to path traversal - CVE-2020-12827
- React Router has Path Traversal in File Session Storage - CVE-2025-61686
- React Router has Path Traversal in File Session Storage (GHSA-9583-h5hc-x8cw) - CVE-2025-61686
- Tags:
- npm
- droppy
Anything's wrong? Let us know Last updated on February 01, 2023