list-n-stream is vulnerable to path traversal attacks. The vulnerability is possible because it fails to sanitize the URL request and prevent access to sensitive files and data on the server. Attackers can leak passwords if they request the /api/v1/fs/..%2f..%2fetc/passwd
URL.