Description
dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. File access is restricted to only .html files.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/dasafio
https://nodesecurity.io/advisories/460
Related Vulnerabilities
CVE-2022-37266 Vulnerability in npm package steal
CVE-2022-24785 Vulnerability in maven package org.webjars.bower:moment
CVE-2022-31110 Vulnerability in npm package rsshub
CVE-2022-24289 Vulnerability in maven package org.apache.cayenne:cayenne-server
CVE-2021-32859 Vulnerability in maven package org.webjars.npm:github-com-baremetrics-calendar