Advisories for Npm/Public package

Relative Path Traversal in public.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in public.

A XSS vulnerability was found in module public that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.

The public node module allows embedding HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript.

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.

Public has a path traversal vulnerability. It allows an attacker to read content of arbitrary files on the server.