easy-static-server is vulnerable to directory traversal. The vulnerability exists in the easyServer
function of index.js
due to missing input sanitization which allows an attacker to access files and directories that are stored outside the intended folder via req.url
.