The vulnerability stems from improper path handling in the template copying logic. The commit diff shows that the fix passes { hide: false } to d.copy() and builds the destination path with path.join(dist, name). This implies the original code joined the untrusted entry name into the destination without resolving or validating it, so a crafted filename containing ".." segments could place files or directories outside the target directory. Note that path.join only normalizes the path; it does not by itself guarantee that the result stays under dist, so a containment check on the resolved path is still required to close the traversal. The GitHub issue confirms this behavior was exploitable via HTTP requests to the server initialized by the CLI.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| @easy-team/easywebpack-cli | npm | < 4.5.2 | 4.5.2 |