Description
picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/picard
https://nodesecurity.io/advisories/436
Related Vulnerabilities
CVE-2022-29166 Vulnerability in npm package matrix-appservice-irc
CVE-2021-43309 Vulnerability in npm package uri-template-lite
CVE-2019-19703 Vulnerability in maven package io.ktor:ktor-client-core
CVE-2023-0842 Vulnerability in maven package org.webjars.npm:xml2js
CVE-2019-10744 Vulnerability in maven package org.webjars.npm:lodash