Description
Path traversal in the npm package rollup-plugin-serve before version 1.0.2. The readFile operation performs no path sanitization.
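The missing check, as an added example (not the plugin's own code): a request path resolved against a served directory with and without a containment test before any readFile call. The function names `unsafeResolve` and `safeResolve` and the directory `/srv/app/dist` are assumptions made for illustration.

```javascript
const path = require('node:path');

// Unsanitized mapping: the request path is resolved against the served
// directory and would be passed to readFile as-is, so ".." segments can
// move the result outside contentBase.
function unsafeResolve(contentBase, urlPath) {
  return path.resolve(contentBase, '.' + urlPath);
}

// Hardened mapping: decode once, reject NUL bytes, resolve, then confirm the
// result is contentBase itself or a descendant. Returns null when it is not.
// The check is lexical; a served tree containing symlinks also needs
// fs.realpath on the result before reading.
function safeResolve(contentBase, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath.split('?')[0]);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null;

  const base = path.resolve(contentBase);
  const target = path.resolve(base, './' + decoded);

  // Compare against base + separator so that a sibling directory such as
  // "dist-private" does not pass a bare prefix test against "dist".
  if (target === base || target.startsWith(base + path.sep)) {
    return target;
  }
  return null;
}

// Constructed sample requests against a constructed served directory.
const BASE = '/srv/app/dist';
for (const req of ['/index.html', '/../secret.txt', '/%2e%2e/%2e%2e/secret.txt',
                   '/../dist-private/key.pem']) {
  console.log(req, '->', safeResolve(BASE, req));
}
```

A server using this would answer 403 or 404 whenever `safeResolve` returns null and only call readFile on a non-null result.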
Recommendation
Update the rollup-plugin-serve package to the latest compatible version. Version details:
- Affected version(s): < 1.0.2
- Patched version(s): 1.0.2
References
Related Issues
- Directory traversal in rollup-plugin-server - CVE-2020-7686
- Directory traversal in rollup-plugin-server (GHSA-34gh-3cwv-wvp2) - CVE-2020-7683
- Path traversal vulnerability in gatsby-plugin-sharp - CVE-2023-30548
- MJML vulnerable to path traversal - CVE-2020-12827
Tags: npm, rollup-plugin-serve
Last updated on February 01, 2023