Description
commentapp.stetsonwood is an HTTP server. It is vulnerable to a directory traversal issue: placing "../" in the URL gives an attacker access to the filesystem.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/commentapp.stetsonwood
https://nodesecurity.io/advisories/470