Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server.
7.5CVSS
7.3AI Score
0.004EPSS
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server.
6.1CVSS
6.1AI Score
0.001EPSS