Lucene search
AnonymousNODEJS:1613HistoryFeb 22, 2021 - 5:47 p.m.
Path Traversal
2021-02-2217:47:30
Anonymous
www.npmjs.com
39
0.092 Low
EPSS
Percentile
94.7%
Overview
In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. In /nodes/ui_base.js, the URL is matched with ‘/ui_base/js/*’ and then passed to path.join. The lack of verification of the final path leads to a path traversal vulnerability.
Recommendation
Upgrade to fix version 2.26.2 or later
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| node-red-dashboard | lt | 2.26.2 |
Related
veracode
veracode
Directory Traversal
2021-01-27 05:30:26
github
github
Path traversal in Node-RED-Dashboard
2021-01-29 18:13:52
nuclei
nuclei
Node RED Dashboard <2.26.2 - Local File Inclusion
2021-06-24 12:07:17
osv
osv
CVE-2021-3223
2021-01-26 18:16:28
Path traversal in Node-RED-Dashboard
2021-01-29 18:13:52
seebug
seebug
Node-RED-Dashboard 任意文件读取漏洞 (CVE-2021-3223)
2021-07-05 00:00:00
cvelist
cvelist
CVE-2021-3223
2021-01-26 05:58:52
nvd
nvd
CVE-2021-3223
2021-01-26 18:16:28
cve
cve
CVE-2021-3223
2021-01-26 18:16:28
prion
prion
Directory traversal
2021-01-26 18:16:00
openvas
openvas
Generic HTTP Directory Traversal (Web Dirs) - Active Check
2021-07-22 00:00:00