Description
uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/uv-tj-demo
https://nodesecurity.io/advisories/428
Related Vulnerabilities
CVE-2021-31684 Vulnerability in maven package net.minidev:json-smart
CVE-2023-22579 Vulnerability in npm package @sequelize/core
CVE-2021-21384 Vulnerability in npm package shescape
CVE-2021-21351 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-24827 Vulnerability in maven package com.yahoo.elide:elide-datastore-aggregation