CVE-2021-43788 Path traversal in translator module of NobeBB

2021-11-2919:35:12

CWE-22

GitHub_M

www.cve.org

cve-2021-43788

path traversal

nodebb

translator module

nobe.js

forum software

vulnerability

json files

languages directory

patched

upgrade

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

42.9%

JSON

Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

CNA Affected

[
  {
    "product": "NodeBB",
    "vendor": "NodeBB",
    "versions": [
      {
        "status": "affected",
        "version": ">= 1.0.4, < 1.18.5"
      }
    ]
  }
]