Description
simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/simple-npm-registry
https://nodesecurity.io/advisories/452
Related Vulnerabilities
CVE-2021-21430 Vulnerability in maven package org.openapitools:openapi-generator-project
CVE-2020-19698 Vulnerability in maven package org.webjars.bower:editor.md
CVE-2020-28471 Vulnerability in npm package properties-reader
CVE-2022-25914 Vulnerability in maven package com.google.cloud.tools:jib-core
CVE-2020-2220 Vulnerability in maven package org.jenkins-ci.main:jenkins-core