VYPR

npm package

@vendure/asset-server-plugin

pkg:npm/%40vendure/asset-server-plugin

Vulnerabilities (1)

  • CVE-2024-48914CriOct 15, 2024
    affected < 2.3.3fixed 2.3.3

    Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including