js · better-helperjs · Critical
better-helperjs <= 3.0.5 Directory Traversal Vulnerability
What changed
A directory traversal vulnerability in better-helperjs <= 3.0.5 allows reading arbitrary files in adjacent directories with the same prefix as the static root.
Who it affects
Applications using better-helperjs <= 3.0.5 in production mode (NODE_ENV=production).
What to do today
Upgrade to version >= 3.0.6 or apply the workaround: ensure no sensitive directories are deployed adjacent to the static root with the same prefix.