Description
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.
Remediation
References
https://snyk.io/vuln/SNYK-JS-MARKEDTREE-590121
Related Vulnerabilities
CVE-2015-5347 Vulnerability in maven package org.apache.wicket:wicket-extensions
CVE-2020-7726 Vulnerability in npm package safe-object2
CVE-2021-3223 Vulnerability in npm package node-red-dashboard
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.12
CVE-2021-42767 Vulnerability in maven package org.neo4j.procedure:apoc