Description
dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. File access is restricted to only .html files.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/dasafio
https://nodesecurity.io/advisories/460
Related Vulnerabilities
CVE-2020-7765 Vulnerability in npm package @firebase/util
CVE-2020-23811 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2018-1999002 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-32860 Vulnerability in maven package org.webjars.npm:izimodal
CVE-2021-46708 Vulnerability in maven package com.microfocus.webjars:swagger-ui-dist