描述
In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. It allows ui_base/js/..%2f directory traversal to read files.
基本資訊
- 類型
- reviewed
- 嚴重度
- high
- GitHub 上的公告
- 開啟公告 ↗
- 儲存庫公告
- —
- 原始碼
- 未指定
- 公開(公告)
- 2021-01-29 18:13:52 UTC
- 更新時間
- 2023-02-01 05:05:15 UTC
- GitHub 審核
- 2021-01-27 23:26:39 UTC
- NVD 公開
- 2021-01-26
EPSS Score
| Score |
Percentile |
|
91.55%
|
99.65% |
CVSS Scores
No CVSS scores in this advisory.
CWEs
| CWE id |
Name |
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
Affected packages (1)
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem |
Package |
Vulnerable range |
First patched |
Vulnerable functions |
| npm |
node-red-dashboard |
< 2.26.2 |
2.26.2 |
—
|
cvelogic
Threat Intelligence