Description
fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/fbr-client
https://nodesecurity.io/advisories/449
Related Vulnerabilities
CVE-2023-29003 Vulnerability in npm package @sveltejs/kit
CVE-2020-36649 Vulnerability in maven package org.webjars.bowergithub.mholt:papaparse
CVE-2020-7641 Vulnerability in npm package grunt-util-property
CVE-2019-0227 Vulnerability in maven package org.apache.axis:axis-rt-core
CVE-2021-25646 Vulnerability in maven package org.apache.druid:druid-core