Description
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.
Remediation
References
https://hackerone.com/reports/309120
Related Vulnerabilities
CVE-2020-19698 Vulnerability in maven package org.webjars.npm:editor.md
CVE-2011-4969 Vulnerability in maven package org.webjars.bower:jquery
CVE-2018-1000160 Vulnerability in npm package @risingstack/protect
CVE-2022-40151 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-4348 Vulnerability in maven package com.ruoyi:ruoyi-common