Merge pull request #1588 from contentstack/fix/DX-1498

fix: Path Traversal via Path Join/Resolve
contentstack · Sep 25, 2024 · bfbc0aa · bfbc0aa
2 parents 28af8cd + ad3f969
commit bfbc0aa
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/contentstack-variants/src/import/experiences.ts b/packages/contentstack-variants/src/import/experiences.ts
@@ -162,7 +162,7 @@ export default class Experiences extends PersonalizationAdapter<ImportConfig> {
    * function import experience versions from a JSON file and creates them in the project.
    */
   async importExperienceVersions(experience: ExperienceStruct, oldExperienceUid: string) {
-    const versionsPath = resolve(sanitizePath(this.experiencesDirPath), 'versions', `${oldExperienceUid}.json`);
+    const versionsPath = resolve(sanitizePath(this.experiencesDirPath), 'versions', `${sanitizePath(oldExperienceUid)}.json`);
 
     if (!existsSync(versionsPath)) {
       return;