GHSA-23vf-5g53-hm9q
GitHub Security Advisory
Directory Traversal in list-n-stream
✓ GitHub Reviewed
HIGH
Has CVE
Advisory Details
Affected versions of `list-n-stream` resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system.
**Example request:**
```http
GET /../../../../../../../../../../etc/passwd HTTP/1.1
host:foo
```
## Recommendation
Update to version 0.0.11 or later.
Affected Packages
npm
list-n-stream
Affected versions:
0
(fixed in 0.0.11)
Related CVEs
Key Information
7.5
/10
Dataset
Last updated: August 30, 2025 6:32 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.