GHSA-f3vw-587g-r29g: Path Traversal in sapper

Severity: Critical

CVSS Score: 10

Versions of `sapper` prior to 0.27.11 are vulnerable to Path Traversal. It is possible to access sensitive files on the server through HTTP requests containing URL-encoded `../`. You may test a `sapper` application running in prod mode with `curl -vvv http://localhost:3000/client/750af05c3a69ddc6073a/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd`.

## Recommendation

Upgrade to version 0.27.11 or later.
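
The failure mode behind the test request above, as an added example that is not sapper's code and not part of the advisory: a `..` check applied before the final percent-decoding misses `%252e%252e`, while a containment check on the fully decoded, normalized path rejects it. The asset root `/srv/app/build`, the file name `main.js` and all function names are assumptions, and the double decode in `unsafeResolve` is an assumed pattern for illustration, not a statement about how sapper handled requests.

```javascript
// Added illustration; not sapper's code. POSIX-style paths throughout.
const BASE = "/srv/app/build"; // hypothetical asset root

// Collapse "." and ".." segments of an absolute path.
function normalize(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Flawed pattern (assumed for illustration): the ".." check runs on the
// raw request path, but the path is percent-decoded twice before use.
function unsafeResolve(base, rawPath) {
  if (rawPath.includes("..")) return null;
  const decoded = decodeURIComponent(decodeURIComponent(rawPath));
  return normalize(base + "/" + decoded);
}

// Decode until the string stops changing, so the check sees its final form.
function fullyDecode(s, maxRounds = 4) {
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(s); } catch { return null; } // malformed escape
    if (next === s) return s;
    s = next;
  }
  return null; // still changing after maxRounds: reject
}

// Hardened pattern: decode first, then require the normalized result
// to stay inside the asset root.
function safeResolve(base, rawPath) {
  const decoded = fullyDecode(rawPath);
  if (decoded === null || decoded.includes("\0")) return null;
  const resolved = normalize(base + "/" + decoded);
  return resolved.startsWith(base + "/") ? resolved : null;
}

// Request path from the advisory, and a constructed legitimate one.
const TRAVERSAL = "client/750af05c3a69ddc6073a/" + "%252e%252e/".repeat(8) + "etc/passwd";
const LEGIT = "client/750af05c3a69ddc6073a/main.js";
console.log(unsafeResolve(BASE, TRAVERSAL)); // escapes the asset root
console.log(safeResolve(BASE, TRAVERSAL));   // rejected
console.log(safeResolve(BASE, LEGIT));       // served from inside the root
```

The same containment check is worth keeping in place after upgrading, as a regression test against any handler that maps request paths to files.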