CVE-2020-24855: easywebpack-cli Path Traversal vulnerability

December 15, 2022

Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request.

References

github.com/advisories/GHSA-252h-2cmq-pmr6
github.com/easy-team/easywebpack-cli/commit/eb3f54603f58ea706d0c03fd6eb76c94176eae52
github.com/easy-team/easywebpack-cli/issues/25
nvd.nist.gov/vuln/detail/CVE-2020-24855

Detect and mitigate CVE-2020-24855 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →