5 matches found
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...
CVE-2021-25864
creationtimestamp| type| source ---|---|--- 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-25864.yaml 2026-06-23 14:06:19+00:00| exploited|...
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...
CVE-2021-25864
Hue Magic 3.0.0 is vulnerable to local file inclusion via the res.sendFile API in hue-magic.js, allowing an attacker to fetch arbitrary files on the server. This CVE (CVE-2021-25864) is documented in multiple sources (including a Nuclei template and advisories) as an LFI with potential to expose ...