GHSA-wc9m-r3v6-9p5h: Sparkle Signing Checks Bypass

GHSA-w7wm-2425-7p2h: MarbleRun unauthenticated recovery allows Coordinator impersonation

GHSA-mx2j-7cmv-353c: wasmvm: Malicious smart contract can slow down block production

GHSA-23qp-3c2m-xx6w: wasmvm: Malicious smart contract can crash the chain

GHSA-9crc-q9x8-hgqq: Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening

All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join().

**Directory Traversal vulnerability in serve-lite**

High severity GitHub Reviewed Published Jan 26, 2023 to the GitHub Advisory Database • Updated Jan 30, 2023

Headline

GHSA-5qq4-m6c3-xxmf: Directory Traversal vulnerability in serve-lite

Related news

ghsa: Latest News