thgh / rollup-plugin-serve

Serve your rolled up bundle like webpack-dev-server
MIT License

Security issue about Directory Traversal. #95

Closed lunacer closed 1 year ago

lunacer commented 1 year ago

Hi,

I'm using a package that uses this, and Snyk warns me that this package is vulnerable to Directory Traversal. https://security.snyk.io/package/npm/rollup-plugin-serve/1.1.0 I'm way too novice to contribute to the project, so I wonder if there's an upcoming plan to fix this soon.

Thanks,

thgh commented 1 year ago

Even though it wouldn't be so hard to fix it, this package is not meant to be used as a public server. So unless you are attacking yourself, this vulnerability will probably not affect you.

lunacer commented 1 year ago

Thank you for the explanation. :)