All versions of `626` are vulnerable to path traversal. This enables a remote attacker to read arbitrary files from the remote server using this module.

## Recommendation

No fix is currently available for this vulnerability.
It is our recommendation to not install or use this module at this time.

Affected Packages

npm 626

Affected versions: 0.0.0

Related CVEs

CVE-2018-3727

Key Information

GHSA ID

GHSA-r4r9-mgjc-g6q3

Published

September 1, 2020 7:06 PM

Last Modified

June 1, 2023 7:46 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

626

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.