CVE-2023-46497

Name of the Vulnerable Software and Affected Versions EverShop NPM versions prior to 1.0.0-rc.8

Description The issue allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the "folderCreate/createFolder.js" endpoint. This enables the attacker to potentially access unauthorized areas of the system.

Recommendations For EverShop NPM versions prior to 1.0.0-rc.8, update to version 1.0.0-rc.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the mkdirSync function in the "folderCreate/createFolder.js" endpoint until a patch is applied.