Description
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path.
Remediation
References
https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82
https://hackerone.com/reports/310690
Related Vulnerabilities
CVE-2021-4279 Vulnerability in maven package org.webjars.npm:fast-json-patch
CVE-2020-5421 Vulnerability in maven package org.springframework:spring-web
CVE-2023-3691 Vulnerability in maven package org.webjars.bowergithub.diguoyihao:layui
CVE-2022-4493 Vulnerability in maven package io.scif:scifio
CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-server-base