Description
pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://nodesecurity.io/advisories/341
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/pooledwebsocket
Related Vulnerabilities
CVE-2022-2048 Vulnerability in maven package org.eclipse.jetty.http2:http2-server
CVE-2013-2035 Vulnerability in maven package org.fusesource.hawtjni:hawtjni-runtime
CVE-2023-38509 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui
CVE-2012-0394 Vulnerability in maven package org.apache.struts:struts2-core