PT-2021-24430 · Unknown · Highcharts, Node-Export-Server

Published: 2021-03-12 · Updated: 2021-03-12

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: node-export-server versions prior to 2.1.0
Description: The issue allows for reading and outputting files served by other services on the internal network. This potentially enables a malicious user to gain read access to internal web resources if the export server is exposed to the internet. The impact is limited to internal services serving content via HTTP(S) and requires knowledge of internal hostnames/IP addresses.
Recommendations: For versions prior to 2.1.0, upgrade to version 2.1.0 to address the issue. Note that version 2.1.0 is not backwards compatible out of the box, so review the changelog for details. Additionally, consider upgrading to the latest version of Highcharts, version 9.0 or later, to benefit from added input sanitation.

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

GHSA-HFWX-C7Q6-G54C

Affected Products

Highcharts
Node-Export-Server