The html-pages node module contains a path traversal vulnerabilities that allows an malicious user to read any file from the server with cURL.
html-pages project html-pages 2.0.7