Vulnerability	Vulnerable Version
L Directory Traversal Affected versions of this package are vulnerable to Directory Traversal via the `extractZipArchive()` function when downloading and extracting Node.js archives. An attacker can create or modify files outside the intended extraction directory by intercepting or controlling the Node.js download and serving a specially crafted ZIP archive containing path traversal sequences. Note: This is only exploitable if the system does not have a compatible Node.js version preinstalled globally, allowing the build process to automatically download and extract Node.js. How to fix Directory Traversal? Upgrade `com.vaadin:flow-build-tools` to version 25.0.3 or higher.	[25.0.0-rc1,25.0.3)

Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal via the extractZipArchive() function when downloading and extracting Node.js archives. An attacker can create or modify files outside the intended extraction directory by intercepting or controlling the Node.js download and serving a specially crafted ZIP archive containing path traversal sequences.

Note:

This is only exploitable if the system does not have a compatible Node.js version preinstalled globally, allowing the build process to automatically download and extract Node.js.

How to fix Directory Traversal?

Upgrade com.vaadin:flow-build-tools to version 25.0.3 or higher.

[25.0.0-rc1,25.0.3)

Go back to all versions of this package