Description
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
Remediation
References
https://github.com/shadowwzw/lite-dev-server/blob/master/src/server.js%23L134
https://gist.github.com/lirantal/0f8a48c3f5ac581ce73123abe9f7f120
https://security.snyk.io/vuln/SNYK-JS-LITEDEVSERVER-3153718
Related Vulnerabilities
CVE-2023-30531 Vulnerability in maven package org.jenkins-ci.plugins:consul-kv-builder
CVE-2021-41182 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui
CVE-2022-35915 Vulnerability in npm package openzeppelin-eth
CVE-2023-22621 Vulnerability in npm package @strapi/plugin-users-permissions