better-helperjs Vulnerable to Directory Traversal via String Prefix Bypass in Static Server
A directory traversal vulnerability exists in the production static file server of better-helperjs (<= 3.0.5). Attackers can read arbitrary files located in adjacent directory structures that share the same string prefix as the intended static root directory.