Description
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.
Remediation
References
https://hackerone.com/reports/432600
Related Vulnerabilities
CVE-2020-7730 Vulnerability in npm package bestzip
CVE-2023-33544 Vulnerability in maven package io.hawt:hawtio-system
CVE-2022-31160 Vulnerability in maven package org.webjars.npm:jquery-ui
CVE-2023-3691 Vulnerability in maven package org.webjars:layui
CVE-2018-11696 Vulnerability in maven package org.webjars.npm:node-sass