Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows malicious users to list any file in arbitrary folder.
serve-here.js project serve-here.js