Description
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
Remediation
References
https://hackerone.com/reports/312907
Related Vulnerabilities
CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-client
CVE-2022-25883 Vulnerability in npm package semver
CVE-2022-25927 Vulnerability in maven package org.webjars.npm:ua-parser-js
CVE-2023-25330 Vulnerability in maven package com.baomidou:mybatis-plus-extension
CVE-2023-49145 Vulnerability in maven package org.apache.nifi:nifi-jolt-transform-json-ui