Description
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.
Remediation
References
https://devhub.checkmarx.com/cve-details/Cx943be66a-54cc/
https://devhub.checkmarx.com/cve-details/CVE-2023-46496/
Related Vulnerabilities
CVE-2014-3623 Vulnerability in maven package org.apache.cxf:cxf
CVE-2020-21122 Vulnerability in maven package com.bstek.ureport:ureport2-console
CVE-2019-20444 Vulnerability in maven package io.netty:netty-codec-http
CVE-2020-2187 Vulnerability in maven package org.jenkins-ci.plugins:ec2
CVE-2020-6858 Vulnerability in maven package com.hotels.styx:styx-api