Description
elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a 404 on etc/passwd/index.js.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/elding
https://nodesecurity.io/advisories/415
Related Vulnerabilities
CVE-2022-24913 Vulnerability in maven package com.fasterxml.util:java-merge-sort
CVE-2017-16188 Vulnerability in npm package reecerver
CVE-2021-43306 Vulnerability in maven package org.webjars:jquery-validation
CVE-2022-35915 Vulnerability in npm package openzeppelin-eth
CVE-2020-36321 Vulnerability in maven package com.vaadin:flow-server