Description
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.
Remediation
References
https://snyk.io/vuln/SNYK-JS-MARKEDTREE-590121
Related Vulnerabilities
CVE-2021-43821 Vulnerability in maven package org.opencastproject:opencast-ingest-service-impl
CVE-2017-16209 Vulnerability in npm package enserver
CVE-2021-29443 Vulnerability in npm package jose
CVE-2022-36884 Vulnerability in maven package org.jenkins-ci.plugins:git
CVE-2023-24187 Vulnerability in maven package com.bstek.ureport:ureport2-core