CVE-2021-3223
EPSS 91.5%Path traversal in Node-RED-Dashboard
Published: 1/29/2021Modified: 11/8/2023
Also known as:GHSA-2hw7-mxvj-m455
Description
In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. It allows ui_base/js/..%2f directory traversal to read files.
Affected packages (1)
- npm/node-red-dashboardfrom 0, < 2.26.2
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-3223
- WEBhttps://github.com/node-red/node-red-dashboard/commit/f48f356df966f607ba3d09c27396074b81f2ae97
- WEBhttps://github.com/node-red/node-red-dashboard/issues/669
- WEBhttps://github.com/node-red/node-red-dashboard/releases/tag/2.26.2
- WEBhttps://www.npmjs.com/package/node-red-dashboard