Description
serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
Remediation
References
https://nodesecurity.io/advisories/365
https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/serverlyr
Related Vulnerabilities
CVE-2020-10650 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2020-8175 Vulnerability in maven package org.webjars.npm:jpeg-js
CVE-2021-3815 Vulnerability in npm package @fabiocaccamo/utils.js
CVE-2022-22984 Vulnerability in npm package @snyk/snyk-cocoapods-plugin
CVE-2016-4055 Vulnerability in maven package org.fujion.webjars:moment