CVE-2020-36629
CVE-2020-36629 affects SimbCo httpster (fs.realpathSync in src/server.coffee), enabling path traversal. Exploit has been disclosed publicly. Patch d3055b3e30b40b65d30c5a06d6e053dffa7f35d0 is available and should be applied to fix. CVSSv3.1 base score 7.5 (HIGH) per NVD.