Description
Path traversal in Node-RED-Dashboard
In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. It allows ui_base/js/..%2f directory traversal to read files.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-3223
- https://github.com/node-red/node-red-dashboard/issues/669
- https://github.com/node-red/node-red-dashboard/commit/f48f356df966f607ba3d09c27396074b81f2ae97
- https://github.com/node-red/node-red-dashboard/releases/tag/2.26.2
- https://www.npmjs.com/package/node-red-dashboard
Packages
Name: node-red-dashboard (npm)
Affected versions: < 2.26.2
Fixed version: 2.26.2
Related vulnerabilities
CVSS3: 7.5
nvd
more than 4 years ago
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.