Description
`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run.
Remediation
References
https://github.com/shy2850/node-server/issues/10
https://github.com/shy2850/node-server/pull/12/files
https://nodesecurity.io/advisories/346
Related Vulnerabilities
CVE-2021-21353 Vulnerability in npm package pug
CVE-2022-41713 Vulnerability in maven package org.webjars.npm:deep-object-diff
CVE-2022-23617 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2023-2972 Vulnerability in npm package @antfu/utils
CVE-2018-14732 Vulnerability in npm package webpack-dev-server