Description
The crud-file-server Node module before 0.9.0 is affected by a path traversal vulnerability caused by incorrect validation of the request URL, which allows a malicious user to read the contents of any file whose path is known.
Remediation
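A request-path check of the kind the description says was missing, shown as an added example: it is not the crud-file-server fix or any code from that project. The names `resolveRequestPath`, `SAMPLE_REQUESTS` and `checkSamples`, the root `/srv/files` and the sample requests are all constructed for illustration.

```javascript
// Added example, not crud-file-server code. All names here are hypothetical.
// Maps a request URL to a path under `root`, or returns null when the request
// must be refused. The check is purely lexical and never touches the disk.
function resolveRequestPath(root, requestUrl) {
  // Only the path component selects a file; drop query string and fragment.
  const rawPath = requestUrl.split(/[?#]/, 1)[0];

  let decoded;
  try {
    // Decode exactly once, so the check sees what the file lookup will see.
    decoded = decodeURIComponent(rawPath);
  } catch (e) {
    return null; // malformed percent-encoding
  }

  // NUL bytes and backslashes are never valid in a path served from here.
  if (decoded.includes("\0") || decoded.includes("\\")) return null;

  const segments = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue; // collapse "//" and "/./"
    if (seg === "..") return null;           // refuse instead of normalising
    segments.push(seg);
  }

  const prefix = root.endsWith("/") ? root : root + "/";
  return prefix + segments.join("/");
}

// Constructed sample requests: the first two are ordinary, the rest must be refused.
const SAMPLE_REQUESTS = [
  "/docs/readme.txt?download=1",
  "/./docs//readme.txt",
  "/../../etc/passwd",
  "/%2e%2e/%2e%2e/etc/passwd",
  "/docs/%2e%2e%2fsecret.txt",
  "/docs/%00.txt",
];

// Returns [request, resolvedPathOrNull] pairs for the samples above.
function checkSamples(root) {
  return SAMPLE_REQUESTS.map((req) => [req, resolveRequestPath(root, req)]);
}
```

Because the check is lexical, a symlink inside the served directory can still point outside it; comparing the result of `fs.realpath` against the real root covers that case.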
References
https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82
https://hackerone.com/reports/310690