VDB
GCVE-110-CLOUD-2025-0029
GCVE-110-CLOUD-2025-0029
Advisory Published
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access
to other customer's code repositories and data. By preparing a maliciously crafted package.json
file, an attacker could exploit a path traversal vulnerability in the npm package installation
process, thereby gaining read and write access in other customers' repositories. According to
Google, there was no evidence of exploitation in the wild.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Cloudflare | Access | — | — |
References
Dataform cross-tenant path traversal
advisory
Browse GCVE Records
71,925 records in the GCVE database · Updated July 13, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.