rendertron-middleware is an Express middleware for Rendertron.
Affected versions of this package are vulnerable to Information Exposure.
Installed packages are exposed by node_modules in Rendertron, allowed remote attackers to read absolute paths on the server by examining the
_where attribute of package.json files.
Upgrade rendertron-middleware to version 0.1.3 or higher.