Description
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path.
Remediation
References
https://hackerone.com/reports/310690
https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82
Related Vulnerabilities
CVE-2023-3691 Vulnerability in maven package org.webjars.bowergithub.diguoyihao:layui
CVE-2021-25979 Vulnerability in npm package apostrophe
CVE-2020-11987 Vulnerability in maven package org.apache.xmlgraphics:batik-svgbrowser
CVE-2019-10744 Vulnerability in maven package org.webjars.npm:lodash
CVE-2022-28355 Vulnerability in maven package org.scala-js:scalajs-library_2.12