knightjs is vulnerable to a directory traversal attack. The library does not sanitize incoming HTTP requests, allowing a malicious user to pass a HTTP request with a pathname containing ../
to traverse the directory and access sensitive information.