CVE-2017-16194
Picard (a Node.js micro framework) is vulnerable to a directory traversal flaw: an attacker can access the filesystem by including ../ in the URL. The issue is documented across multiple sources (GHSA/NPM advisory, Veracode, CNVD, OSV, etc.), with no patch available in the advisories and recommen...