Description
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
Remediation
References
https://hackerone.com/reports/311218
Related Vulnerabilities
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-snowflake
CVE-2020-19676 Vulnerability in maven package com.alibaba.nacos:nacos-api
CVE-2021-28164 Vulnerability in maven package org.eclipse.jetty:jetty-webapp
CVE-2022-40929 Vulnerability in maven package com.xuxueli:xxl-job-core