Description
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
Remediation
References
https://hackerone.com/reports/309124
Related Vulnerabilities
CVE-2021-46063 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2023-34238 Vulnerability in npm package gatsby-plugin-mdx
CVE-2021-3859 Vulnerability in maven package io.undertow:undertow-core
CVE-2020-7663 Vulnerability in npm package websocket-extensions
CVE-2016-10735 Vulnerability in maven package org.webjars.bowergithub.jasny:bootstrap