Description
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.
Remediation
References
https://snyk.io/vuln/SNYK-JS-MARKEDTREE-590121
Related Vulnerabilities
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa
CVE-2018-20190 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2022-34115 Vulnerability in maven package io.dataease:dataease-plugin-common
CVE-2020-7663 Vulnerability in maven package org.webjars.npm:websocket-extensions
CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-keycloak-authorization