Node.js third-party modules: [public] Path traversal using symlink

I would like to report Path traversal vulnerability in public module Module module name: public version: 0.1.4 npm page: https://www.npmjs.com/package/public Module Description Run static file hosting server with specified public dir & port. Support a "direcotry index" like Apache httpd. Module...

public node module path traversal vulnerability

The public node module is a module that can run a static file hosting server using a public directory and port. A path traversal vulnerability exists in the public node module, which stems from the program's lack of detection of file paths. An attacker could use this vulnerability to read the...

Node.js third-party modules: [public] Stored XSS in filenames in directory served by public

Hi Guys, public allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript. I put https://www.npmjs.com/package/public in Weakness section - 'Where is the stored content accessible?' because it does not allowed me to open report with...