Description
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function.
Remediation
References
https://snyk.io/vuln/SNYK-JS-ROLLUPPLUGINSERVER-590123
Related Vulnerabilities
CVE-2022-23059 Vulnerability in maven package com.shopizer:shopizer
CVE-2018-13863 Vulnerability in npm package bson
CVE-2021-21346 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-21653 Vulnerability in maven package org.typelevel:jawn-parser_3
CVE-2020-8908 Vulnerability in maven package com.google.guava:guava