2019-04-03 14:21:40
hackerone
PUBLISHED
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victims browser when an attacker creates an arbitrary file on the server.