Name of the Vulnerable Software and Affected Versions expressfs versions (all versions)

Description The issue concerns a lack of validation for user input on several API endpoints, allowing attackers to execute arbitrary commands in the system. The affected endpoints include expressfs.appendFile, expressfs.cp, expressfs.create, and expressfs.rmdir.

Recommendations Consider using an alternative module until a fix is made available. As a temporary workaround, consider restricting access to the vulnerable API endpoints expressfs.appendFile, expressfs.cp, expressfs.create, and expressfs.rmdir to minimize the risk of exploitation.