Description
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
Remediation
References
https://hackerone.com/reports/312889
Related Vulnerabilities
CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-server-base
CVE-2022-23640 Vulnerability in maven package com.monitorjbl:xlsx-streamer
CVE-2020-7686 Vulnerability in npm package rollup-plugin-dev-server
CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webmvc