Name of the Vulnerable Software and Affected Versions larvitbase-www versions (affected versions not specified)

Description The issue concerns an Unintended Require in the package, which exposes an API endpoint. A GET parameter is passed unsanitized to a require() call, allowing attackers to execute any .js file in the same folder as the server is running.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.