Description
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.
Remediation
References
https://hackerone.com/reports/310943
Related Vulnerabilities
CVE-2022-23059 Vulnerability in maven package com.shopizer:shopizer
CVE-2022-0265 Vulnerability in maven package com.hazelcast:hazelcast
CVE-2022-40764 Vulnerability in npm package snyk
CVE-2023-49093 Vulnerability in maven package org.htmlunit:htmlunit
CVE-2012-5785 Vulnerability in maven package org.apache.axis2:axis2