2 matches found
CVE-2021-21298
creationtimestamp| type| source ---|---|--- 2021-02-26 20:39:23+00:00| seen| https://t.me/cibsecurity/24239...
CVE-2021-21298 Path traversal in Node-Red
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via t...