A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows malicious users to list files in arbitrary folders.
statichttpserver project statichttpserver