Description
The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.
Remediation
References
https://github.com/danielcardoso/html-pages/issues/2
https://hackerone.com/reports/306607
Related Vulnerabilities
CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:catalina-ant
CVE-2018-20676 Vulnerability in maven package org.webjars.bower:bootstrap
CVE-2022-45689 Vulnerability in maven package cn.hutool:hutool-json
CVE-2022-35961 Vulnerability in npm package @openzeppelin/contracts
CVE-2020-8237 Vulnerability in maven package org.webjars.bower:json-bigint