org.webjars.npm:nitropack 1.0.0

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:nitropack package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Directory Traversal org.webjars.npm:nitropack is a Build and Deploy Universal JavaScript Servers Affected versions of this package are vulnerable to Directory Traversal via the `routeRules` function. An attacker can access files or endpoints outside the intended proxy scope by sending specially crafted URLs containing percent-encoded path traversal sequences. Note: This is only exploitable if the project uses proxy route rules with a wildcard suffix, the upstream decodes percent-encoded slashes before routing, and proxy rules are not handled natively at the CDN. How to fix Directory Traversal? A fix was pushed into the `master` branch but not yet published.	[0,)
M Open Redirect org.webjars.npm:nitropack is a Build and Deploy Universal JavaScript Servers Affected versions of this package are vulnerable to Open Redirect via the `routeRules` function. An attacker can redirect users to arbitrary external sites by crafting URLs with double slashes after the route prefix, causing browsers to interpret the redirect as a protocol-relative URL. This is only exploitable if the project uses `routeRules` with a `redirect` entry that includes a wildcard suffix (such as `/**`), and the redirect is not handled natively at the CDN layer (e.g., not using the `vercel`, `netlify`, `cloudflare-pages`, or `edgeone` presets). How to fix Open Redirect? A fix was pushed into the `master` branch but not yet published.	[0,)

Vulnerability

Vulnerable Version

Directory Traversal

org.webjars.npm:nitropack is a Build and Deploy Universal JavaScript Servers

Affected versions of this package are vulnerable to Directory Traversal via the routeRules function. An attacker can access files or endpoints outside the intended proxy scope by sending specially crafted URLs containing percent-encoded path traversal sequences.

Note:

This is only exploitable if the project uses proxy route rules with a wildcard suffix, the upstream decodes percent-encoded slashes before routing, and proxy rules are not handled natively at the CDN.

How to fix Directory Traversal?

A fix was pushed into the master branch but not yet published.

[0,)

Open Redirect

org.webjars.npm:nitropack is a Build and Deploy Universal JavaScript Servers

Affected versions of this package are vulnerable to Open Redirect via the routeRules function. An attacker can redirect users to arbitrary external sites by crafting URLs with double slashes after the route prefix, causing browsers to interpret the redirect as a protocol-relative URL. This is only exploitable if the project uses routeRules with a redirect entry that includes a wildcard suffix (such as /**), and the redirect is not handled natively at the CDN layer (e.g., not using the vercel, netlify, cloudflare-pages, or edgeone presets).

How to fix Open Redirect?

A fix was pushed into the master branch but not yet published.

[0,)

org.webjars.npm:nitropack@1.0.0

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically