PT-2020-19709 · Rollup · Rollup-Plugin-Dev-Server

Published

2020-07-25

Updated

2020-07-29

CVE-2020-7686

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions rollup-plugin-dev-server versions all

Description The issue is related to the lack of path sanitization in the readFile operation inside the readFileFromContentBase function. This could potentially lead to security issues, as it may allow unauthorized access to files.

Recommendations For all versions, consider disabling the readFileFromContentBase function until a patch is available, or restrict its use to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-7686

GHSA-VR98-27QJ-3C8Q

Affected Products

Rollup-Plugin-Dev-Server

PT-2020-19709 · Rollup · Rollup-Plugin-Dev-Server

CVE-2020-7686

Weakness Enumeration

Related Identifiers

Affected Products

References · 3