Description
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
Remediation
References
https://hackerone.com/reports/312889
Related Vulnerabilities
CVE-2018-3721 Vulnerability in npm package lodash.mergewith
CVE-2022-25845 Vulnerability in maven package com.alibaba:fastjson
CVE-2013-1942 Vulnerability in npm package jplayer
CVE-2023-49374 Vulnerability in maven package com.jfinal:jfinal
CVE-2022-45135 Vulnerability in maven package org.apache.cocoon:cocoon-databases-impl