CVE-2019-5479
CVE-2019-5479 affects larvitbase-api (node package). Versions prior to 0.5.4 allow an Unintended Require where an exposed API endpoint passes a GET parameter to a require() call, enabling an attacker to load and execute arbitrary JavaScript files present in the server directory. Public descriptio...