Description
scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://nodesecurity.io/advisories/453
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/scott-blanch-weather-app
Related Vulnerabilities
CVE-2017-16113 Vulnerability in npm package parsejson
CVE-2021-22096 Vulnerability in maven package org.springframework:spring-core
CVE-2019-10414 Vulnerability in maven package de.wellnerbou.jenkins:git-changelog
CVE-2022-21803 Vulnerability in maven package org.webjars.npm:nconf
CVE-2016-10589 Vulnerability in npm package selenium-binaries