Description
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.
Remediation
References
https://devhub.checkmarx.com/cve-details/Cx16846793-56b6/
https://devhub.checkmarx.com/cve-details/CVE-2023-46497/
Related Vulnerabilities
CVE-2023-46495 Vulnerability in npm package @evershop/evershop
CVE-2022-29631 Vulnerability in maven package org.jodd:jodd-http
CVE-2022-42743 Vulnerability in npm package deep-parse-json
CVE-2021-34080 Vulnerability in npm package ssl-utils
CVE-2017-15095 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind