CVE-2023-39141: 
JavaScript vulnerability analysis and mitigation

webui-aria2 was discovered to contain a path traversal vulnerability (CVE-2023-39141) in commit 4fe2e. The vulnerability affects all versions of the software, including the latest commit '109903f0e2774cf948698cd95a01f77f33d7dd2c'. This security issue was identified and reported in August 2023 (NVD, GitHub Advisory).

The vulnerability exists in the node-server.js file where the application accepts file names from URL input without proper sanitization, allowing access to files outside the serving path. The issue has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NVD).

An attacker can exploit this vulnerability to read any file that the www user has access to on the system. This can lead to unauthorized access to sensitive files outside the intended directory structure. For example, an attacker could potentially access system files like '/etc/passwd' through path traversal (GitHub Advisory).

As of the latest available information, there is no official fix or patch available for this vulnerability. The issue remains present in all versions, including the latest commit. Users should implement additional security controls at the web server level to prevent directory traversal attempts (GitHub Advisory).