GHSA-88H9-FC6V-JCW7 Unintended Require in larvitbase-www

All versions of larvitbase-www are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to an require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation No fix is currently...

Unintended Require in larvitbase-www

All versions of larvitbase-www are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to an require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation No fix is currently...

Local File Inclusion

larvitbase-www is vulnerable to local file inclusion. The package uses an exposed API endpoint that accepts an unvalidated GET parameter to a require function call. This could potentially allow a remote attacker to execute any .js files within the web server. Successful exploitation causes the...

Node.js third-party modules: [larvitbase-www] Unintended Require

I would like to report Unintended Require vulnerability in larvitbase-www It is similar to bug found here 566056 because the module is maintained by the same developer, but it is a different module and the code behind the vulnerability is different. It allows loading arbitary non-production code ...