larvitbase-api is vulnerable to local file inclusion. The package exposes an API endpoint that passes an unvalidated GET parameter to a require() function call. This could potentially allow a remote attacker to execute any .js file within the web server. Successful exploitation causes the server to crash.

CPE

Name | Operator | Version |
---|---|---|
larvitbase-api | le | 0.5.3 |
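
A hardened form of the pattern described above (a request parameter reaching require()), as an added example that is not larvitbase-api's own code. The parameter name `controller`, the directory `/srv/app/controllers` and the allowlist entries are assumptions constructed for illustration.

```javascript
'use strict';
const path = require('node:path');

// Assumed layout (constructed for this example): one .js file per controller.
const CONTROLLER_DIR = path.resolve('/srv/app/controllers');
// Names permitted at startup; in a real service, build this from a fixed list
// or a one-time directory listing, never from request data.
const ALLOWED = new Set(['users', 'orders']);
// Conservative grammar: no dots, slashes, backslashes, NUL or URL-encoding.
const SAFE_NAME = /^[A-Za-z][A-Za-z0-9_-]{0,63}$/;

// Vulnerable pattern the advisory describes: require(<GET parameter>).
// Hardened form: map the parameter to a path only after three checks.
function resolveController(name, allowed = ALLOWED, baseDir = CONTROLLER_DIR) {
  // Query parsers may return arrays or objects for repeated keys.
  if (typeof name !== 'string' || !SAFE_NAME.test(name)) return null;
  if (!allowed.has(name)) return null;
  const full = path.resolve(baseDir, name + '.js');
  // Defence in depth: the resolved path must stay inside baseDir.
  const rel = path.relative(baseDir, full);
  if (rel.startsWith('..') || path.isAbsolute(rel)) return null;
  return full;
}

// loader is injectable so the example runs without files on disk;
// in the service it would be require.
function handle(query, loader = require) {
  const file = resolveController(query.controller);
  if (file === null) return { status: 400, body: 'unknown controller' };
  try {
    // A module that throws while loading must not take the process down.
    return { status: 200, body: loader(file) };
  } catch (err) {
    return { status: 500, body: 'controller failed to load' };
  }
}
```

Rejected input yields a 400 before any path is built, and a load failure is contained as a 500 rather than an uncaught exception.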