Advisories for Npm/Elding package

2018

Path Traversal

elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing ../ in the url.

2017

Directory Traversal

elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. /nThe files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a on etc/passwd/index.js.