Description
This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js.
Remediation
References
https://snyk.io/vuln/SNYK-JS-MARSCODE-590122
Related Vulnerabilities
CVE-2023-26156 Vulnerability in npm package chromedriver
CVE-2022-39353 Vulnerability in npm package xmldom
CVE-2020-13128 Vulnerability in maven package com.googlecode.gwtupload:gwtupload
CVE-2023-26487 Vulnerability in maven package org.webjars.npm:vega
CVE-2023-48711 Vulnerability in maven package org.webjars.npm:google-translate-api-browser