Description
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.
Remediation
References
https://snyk.io/vuln/SNYK-JS-MARKEDTREE-590121
Related Vulnerabilities
CVE-2023-22467 Vulnerability in maven package org.webjars.npm:luxon
CVE-2020-23814 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2021-23446 Vulnerability in npm package handsontable
CVE-2021-26540 Vulnerability in npm package sanitize-html
CVE-2021-3827 Vulnerability in maven package org.keycloak:keycloak-services