Description
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
Remediation
References
https://hackerone.com/reports/312889
Related Vulnerabilities
CVE-2020-11023 Vulnerability in maven package org.webjars.bower:jquery
CVE-2020-26282 Vulnerability in maven package com.browserup:browserup-proxy-rest
CVE-2022-43183 Vulnerability in maven package com.xuxueli:xxl-job-core
CVE-2022-39368 Vulnerability in maven package org.eclipse.californium:element-connector
CVE-2018-20318 Vulnerability in maven package com.github.binarywang:weixin-java-common