Description
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
Remediation
References
https://hackerone.com/reports/311218
Related Vulnerabilities
CVE-2018-3738 Vulnerability in maven package org.webjars.npm:protobufjs
CVE-2020-24922 Vulnerability in maven package com.xuxueli:xxl-job-admin
CVE-2022-2217 Vulnerability in npm package parse-url
CVE-2021-41862 Vulnerability in maven package com.googlecode.aviator:aviator
CVE-2021-21293 Vulnerability in maven package org.http4s:blaze-core_2.11