Node.js third-party modules: [node-downloader-helper] Path traversal via Content-Disposition header

Summary I would like to report path traversal in node-downloader-helper. It allows malicious server to choose download location via ../. It may leads remote code execution. Module module name: node-downloader-helper version: 1.0.11 npm page: https://www.npmjs.com/package/node-downloader-helper...