CVE-2020-7684

HIGH

rollup-plugin-serve - Path Traversal via Unsanitized File Read Operation

Title source: llm
STIX 2.1

Description

This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation.

References (2)

Core 2
Core References
Broken Link x_refsource_misc
https://snyk.io/vuln/SNYK-JS-FASTHTTP-572886
Third Party Advisory
https://vuldb.com/?id.158745

Scores

CVSS v3 7.5
EPSS 0.0147
EPSS Percentile 70.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (2)
npm/rollup-plugin-serve 0 - 1.0.2npm
rollup-plugin-serve_project/rollup-plugin-serve
Published Jul 17, 2020
Tracked Since Feb 18, 2026