Advisories for Npm/Featurebook package

Affected versions of featurebook resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. The featurebook package is not intended to be run in production code nor to be exposed to an untrusted network. Proof of Concept GET /../../../../../../../../../../etc/passwd HTTP/1.1 host:foo …

The featurebook is vulnerable to a Directory Traversal attack. This may allow attackers to access confidential resources that exist outside of the intended web root of the service. This is mitigated significantly by the fact that featurebook is clearly not intended to be run in production code nor to be exposed to an untrusted network.