Name of the Vulnerable Software and Affected Versions nodeload-nmickuli (affected versions not specified)

Description The issue allows a malicious actor to access files outside of the intended directory root, potentially disclosing private files on the vulnerable system. This is achieved through a directory traversal vulnerability, where relative file paths are resolved. For example, a malicious request to /../../../../../../../../../../etc/passwd could expose sensitive information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. It is recommended that the package is only used for local development, and if the functionality is needed for production, a different package is used instead.