Name of the Vulnerable Software and Affected Versions localhost-now versions 1.0.2 and later

Description The issue allows for path traversal, effectively bypassing the fix introduced in version 1.0.2. A proof of concept demonstrates this using a curl command to access the /etc/passwd file.

Recommendations For all versions, consider avoiding the use of the localhost-now module until a fix is available. As a temporary workaround, restrict access to sensitive files and directories to minimize the risk of exploitation.