Description
weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/weather.swlyons
https://nodesecurity.io/advisories/379
Related Vulnerabilities
CVE-2020-15256 Vulnerability in npm package object-path-set
CVE-2020-14062 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2018-19057 Vulnerability in maven package org.webjars.npm:simplemde
CVE-2020-10991 Vulnerability in maven package org.mule.modules:mule-module-apikit