Description
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.
Remediation
References
https://devhub.checkmarx.com/cve-details/CVE-2023-46497/
https://devhub.checkmarx.com/cve-details/Cx16846793-56b6/
Related Vulnerabilities
CVE-2020-2184 Vulnerability in maven package org.jenkins-ci.plugins:cvs
CVE-2018-1296 Vulnerability in maven package org.apache.hadoop:hadoop-hdfs
CVE-2022-36919 Vulnerability in maven package org.jenkins-ci.plugins:coverity
CVE-2019-10358 Vulnerability in maven package org.jenkins-ci.main:maven-plugin
CVE-2020-7792 Vulnerability in maven package org.webjars:mout