Path traversal in Node-RED-Dashboard

描述

In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. It allows ui_base/js/..%2f directory traversal to read files.

基本資訊

類型
reviewed
嚴重度
high
GitHub 上的公告
開啟公告 ↗
儲存庫公告
原始碼
未指定
公開(公告)
2021-01-29 18:13:52 UTC
更新時間
2023-02-01 05:05:15 UTC
GitHub 審核
2021-01-27 23:26:39 UTC
NVD 公開
2021-01-26

EPSS Score

Score Percentile
91.55% 99.65%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

CWEs

CWE id Name
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
npm node-red-dashboard < 2.26.2 2.26.2

References

cvelogic Threat Intelligence