CVE-2020-7681: Path Traversal

July 25, 2020 (updated July 27, 2020)

This affects all versions of the marscode package. There is no path sanitization for the path provided in fs.readFile of index.js.

References

nvd.nist.gov/vuln/detail/CVE-2020-7681

Code Behaviors & Features

Detect and mitigate CVE-2020-7681 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →