Description
Node-RED-Dashboard before 2.26.2 has a path traversal vulnerability. A ui_base/js/..%2f directory traversal allows files to be read.
Basic information
- Type: reviewed
- Severity: high
- Advisory on GitHub: Open advisory ↗
- Repository advisory: —
- Source code: Not specified
- Published (advisory): 2021-01-29 18:13:52 UTC
- Updated: 2023-02-01 05:05:15 UTC
- GitHub reviewed: 2021-01-27 23:26:39 UTC
- NVD published: 2021-01-26 18:16:00 UTC
EPSS Score
| Score | Percentile |
|---|---|
| 91.55% | 99.65% |
CVSS Scores
No CVSS scores in this advisory.
CWEs
| CWE id | Name |
|---|---|
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Affected packages (1)
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | node-red-dashboard | < 2.26.2 | 2.26.2 | — |