XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim’s browser when an attacker creates an arbitrary file on the server.
[
{
"product": "buttle",
"vendor": "Npm, Inc.",
"versions": [
{
"status": "affected",
"version": "0.2.0"
}
]
}
]