CVE-2017-16091
CVE-2017-16091 concerns the xtalk module, which enables browser-to-node communication but suffers a directory traversal vulnerability. The issue allows an attacker to access the filesystem by injecting ../ sequences in the URL, as demonstrated in public advisories (e.g., example GET /../../../../...