Description
vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2.
Problem types
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Product status
>= 0.4.3, < 2.3.2
References
github.com/...c-copy/security/advisories/GHSA-pp7p-q8fx-2968
