Description
fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/fbr-client
https://nodesecurity.io/advisories/449
Related Vulnerabilities
CVE-2016-10735 Vulnerability in maven package org.wildfly.swarm:bootstrap
CVE-2023-34464 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2021-27516 Vulnerability in npm package urijs
CVE-2020-35202 Vulnerability in maven package org.igniterealtime.openfire.plugins:dbaccess
CVE-2019-10782 Vulnerability in maven package com.puppycrawl.tools:checkstyle