Lucene search
GoogleOSV:GHSA-PFJ7-2QFW-VWGMHistoryNov 30, 2021 - 10:20 p.m.
NodeBB vulnerable to path traversal in translator module
2021-11-3022:20:43
Google
osv.dev
7
0.001 Low
EPSS
Percentile
43.1%
Impact
Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory.
Patches
The vulnerability has been patched as of v1.18.5.
Workarounds
Cherry-pick commit hash c8b2fc46dc698db687379106b3f01c71b80f495f to receive this patch in lieu of a full upgrade.
For more information
If you have any questions or comments about this advisory:
- Email us at [email protected]
References
blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot
github.com/NodeBB/NodeBB
github.com/NodeBB/NodeBB/commit/c8b2fc46dc698db687379106b3f01c71b80f495f
github.com/NodeBB/NodeBB/releases/tag/v1.18.5
github.com/NodeBB/NodeBB/security/advisories/GHSA-pfj7-2qfw-vwgm
nvd.nist.gov/vuln/detail/CVE-2021-43788
Related
cvelist
cvelist
CVE-2021-43788 Path traversal in translator module of NobeBB
2021-11-29 19:35:12
cve
cve
CVE-2021-43788
2021-11-29 20:15:08
veracode
veracode
Path Traversal
2021-11-30 09:05:46
osv
osv
CVE-2021-43788
2021-11-29 20:15:08
prion
prion
Path traversal
2021-11-29 20:15:00
github
github
NodeBB vulnerable to path traversal in translator module
2021-11-30 22:20:43
cnvd
cnvd
Nodebb path traversal vulnerability
2021-12-01 00:00:00
openvas
openvas
NodeBB 1.0.4 - 1.18.4 Path Traversal Vulnerability
2022-09-07 00:00:00
nvd
nvd
CVE-2021-43788
2021-11-29 20:15:08
sonarsource
sonarsource
NodeBB 1.18.4 - Remote Code Execution With One Shot
2021-11-30 00:00:00