CVE-2019-5416

Name of the Vulnerable Software and Affected Versions localhost-now version 1.0.2 localhost-now versions prior to a fixed version (no fixed version specified)

Description A path traversal issue allows attackers to read the content of arbitrary files on the remote server. The package fails to sanitize URLs, enabling attackers to access server files outside of the served folder using relative paths.

Recommendations For version 1.0.2, consider using an alternative package until a fix is made available. For versions prior to a fixed version, consider using an alternative package until a fix is made available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.