Description
utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/utahcityfinder
https://nodesecurity.io/advisories/467
Related Vulnerabilities
CVE-2021-35513 Vulnerability in maven package org.webjars.bower:mermaid
CVE-2021-44548 Vulnerability in maven package org.apache.solr:solr-core
CVE-2021-21368 Vulnerability in maven package org.webjars.npm:msgpack5
CVE-2016-9177 Vulnerability in maven package com.sparkjava:spark-core
CVE-2021-41251 Vulnerability in npm package @sap-cloud-sdk/core