Description
simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/simple-npm-registry
https://nodesecurity.io/advisories/452
Related Vulnerabilities
CVE-2021-21119 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-15119 Vulnerability in maven package org.webjars.bower:auth0-lock
CVE-2019-11002 Vulnerability in npm package materialize-css
CVE-2020-8929 Vulnerability in maven package com.google.crypto.tink:tink
CVE-2022-31139 Vulnerability in maven package io.github.karlatemp:unsafe-accessor