CVE-2021-3223
EPSS 91.5%Path traversal in Node-RED-Dashboard
發布日:2021/1/29修改日:2023/11/8
描述
In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. It allows ui_base/js/..%2f directory traversal to read files.
受影響套件(1)
- npm/node-red-dashboardfrom 0, < 2.26.2
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-3223
- WEBhttps://github.com/node-red/node-red-dashboard/commit/f48f356df966f607ba3d09c27396074b81f2ae97
- WEBhttps://github.com/node-red/node-red-dashboard/issues/669
- WEBhttps://github.com/node-red/node-red-dashboard/releases/tag/2.26.2
- WEBhttps://www.npmjs.com/package/node-red-dashboard