Description
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.
Remediation
References
https://snyk.io/vuln/SNYK-JS-MARKEDTREE-590121
Related Vulnerabilities
CVE-2020-28500 Vulnerability in npm package lodash
CVE-2017-16113 Vulnerability in maven package org.webjars.npm:parsejson
CVE-2022-25878 Vulnerability in maven package org.webjars.npm:protobufjs
CVE-2018-6464 Vulnerability in npm package simditor
CVE-2022-36904 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector