exploits folder contains exploits for many of the vulnerable dependencies.
st package can lead to sensitive information leakage. Start by navigating to the exploits folder and sourcing the
st5, where we see the leaked contents of the
package.json file. Snyk accelerates fixes via Pull Requests to upgrade dependencies to non-vulnerable versions.
exploits folder in case you want to try it out before patching it.
package.json file has 1 less High Severity Vulnerability.
git pull the code to bring your local copy up to date with GitHub and try the exploit again. You'll notice it no longer works.
st package exploit demonstrated above. Find the
Directory Traversal vulnerability by looking through the list of issues in Snyk. See that updating
0.2.5 fixes this issue.