Open
Description
Thanks for creating this package.
I found a directory traversal issue, which can be fixed by adding some filtering on the requested URL path. To exploit the vulnerability, I can just send a web request, say http://localhost:9090/../../../passwd, to retrieve a (sensitive) file outside the working directory on the hosting server.
Notice: the above URL does not work with wget or a browser. Try it by using http.get in a Node.js program.
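One way to do the path filtering suggested in the report above, as an added example that is not part of the original issue or the package's own code: resolve the requested path against the served directory and refuse anything that lands outside it. The helper name `resolveUnderRoot`, the root `/srv/www` and the sample requests are assumptions constructed for illustration.

```javascript
const path = require('path');

// Hypothetical helper: map a raw request URL to an absolute file path
// under `root`, or return null if the request would leave `root`.
function resolveUnderRoot(root, rawUrl) {
  const rootAbs = path.resolve(root);
  // Keep only the path component; drop query string and fragment.
  let pathname = rawUrl.split(/[?#]/, 1)[0];
  try {
    // Decode first so encoded dot segments (%2e%2e) are seen as "..".
    pathname = decodeURIComponent(pathname);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (pathname.includes('\0')) return null; // NUL byte in a file name
  // path.join collapses "." and ".." segments lexically.
  const candidate = path.join(rootAbs, pathname);
  // Containment check: the path from root to candidate must not climb up.
  const rel = path.relative(rootAbs, candidate);
  const escapes =
    rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return escapes ? null : candidate;
}

// Constructed sample requests, including the one from the report.
const samples = [
  '/index.html',
  '/../../../passwd',
  '/%2e%2e/%2e%2e/etc/passwd',
  '/a/../b.txt',
];
for (const url of samples) {
  const resolved = resolveUnderRoot('/srv/www', url);
  console.log(url, '->', resolved === null ? 'rejected (403)' : resolved);
}
```

The check is lexical only; if the served directory can contain symlinks, also compare `fs.realpathSync` of the candidate against the real path of the root before opening the file.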