CVE-2019-5422

XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim’s browser when an attacker creates an arbitrary file on the server.
Source: NIST
CVE-2019-5422