CVE-2021-43788

Опубликовано: 29 нояб. 2021

Источник: nvd

CVSS3: 5

CVSS2: 4

EPSS Низкий

Описание

Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

Ссылки

https://blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot/
Exploit
Third Party Advisory
https://github.com/NodeBB/NodeBB/commit/c8b2fc46dc698db687379106b3f01c71b80f495f
Patch
Third Party Advisory
https://github.com/NodeBB/NodeBB/releases/tag/v1.18.5
Release Notes
Third Party Advisory
https://github.com/NodeBB/NodeBB/security/advisories/GHSA-pfj7-2qfw-vwgm
Third Party Advisory
https://blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot/
Exploit
Third Party Advisory
https://github.com/NodeBB/NodeBB/commit/c8b2fc46dc698db687379106b3f01c71b80f495f
Patch
Third Party Advisory
https://github.com/NodeBB/NodeBB/releases/tag/v1.18.5
Release Notes
Third Party Advisory
https://github.com/NodeBB/NodeBB/security/advisories/GHSA-pfj7-2qfw-vwgm
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*

Версия от 1.0.4 (включая) до 1.18.4 (включая)

EPSS

Процентиль: 85%

0.0252

Низкий

5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-pfj7-2qfw-vwgm