CVE-2024-29180: Path traversal in webpack-dev-middleware

The webpack-dev-middleware middleware does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer’s machine.

References

Code Behaviors & Features

Detect and mitigate CVE-2024-29180 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →