Path Traversal in ponse

Versions of ponse prior to 2.0.2 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation Upgrade to version 2.0.2 or later...

cloudcmd (>=5.0.5 <=9.3.2), console-io (>=2.5.2 <=5.0.0) +22 more potentially affected by unknown CVE via ponse (>=1.0.1 <=1.6.1)

ponse NPM version =1.0.1, =5.0.5, =2.5.2, =0.0.0, =0.1.0, =2.7.4, =0.3.0, =1.0.0, =1.0.0, =0.0.1, =0.2.0, =1.0.0, =1.0.0, =1.0.9, =1.0.0, =1.0.0, =1.3.6 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WFHX-6PCM-7M55...

Node.js third-party modules: [ponse] Path traversal in ponse module allows to read any file on server

I would like to report path traversal in ponse. It allows reading local files on the target server. Module module name: ponse version: 2.0.1 npm page: https://www.npmjs.com/package/ponse Module Description Module for work with requests and responses Module Stats 317 downloads in the last week 163...