Description
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
Remediation
References
https://hackerone.com/reports/309124
Related Vulnerabilities
CVE-2020-8134 Vulnerability in npm package ghost
CVE-2021-23430 Vulnerability in npm package startserver
CVE-2021-21290 Vulnerability in maven package io.netty:netty-testsuite
CVE-2022-43441 Vulnerability in npm package sqlite3
CVE-2020-9480 Vulnerability in maven package org.apache.spark:spark-network-shuffle_2.10