説明
In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. It allows ui_base/js/..%2f directory traversal to read files.
基本情報
- タイプ
- reviewed
- 深刻度
- high
- GitHub 上のアドバイザリ
- アドバイザリを開く ↗
- リポジトリのアドバイザリ
- —
- ソースコード
- 未指定
- 公開(アドバイザリ)
- 2021-01-29 18:13:52 UTC
- 更新
- 2023-02-01 05:05:15 UTC
- GitHub レビュー済み
- 2021-01-27 23:26:39 UTC
- NVD で公開
- 2021-01-26 18:16:00 UTC
EPSS Score
| Score |
Percentile |
|
91.55%
|
99.65% |
CVSS Scores
No CVSS scores in this advisory.
CWEs
| CWE id |
Name |
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Affected packages (1)
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem |
Package |
Vulnerable range |
First patched |
Vulnerable functions |
| npm |
node-red-dashboard |
< 2.26.2 |
2.26.2 |
—
|
cvelogic
Threat Intelligence