hekto node module path traversal vulnerability (CNVD-2018-16503)

hekto node module is a module to support single page applications. A path traversal vulnerability exists in the hekto node module because the program does not filter the path of the requested file. An attacker could use this vulnerability to read the contents of an arbitrary file...

Node.js third-party modules: [hekto] Path Traversal vulnerability allows to read content of arbitrary files

Hi Guys, There is Path Traversal vulnerability in hekto module, which allows to read arbitrary file from the remote server. Module hekto This package exposes a directory and its children to create, read, update, and delete operations over http. https://www.npmjs.com/package/hekto version: 0.2.0...