5 matches found
CVE-2021-3223
Node-RED-Dashboard before 2.26.2 allows uibase/js/..%2f directory traversal to read files...
CVE-2021-3223
creationtimestamp| type| source ---|---|--- 2021-09-21 04:42:19+00:00| seen| https://t.me/pwnwikizhchannel/743 2022-07-05 08:46:21+00:00| published-proof-of-concept| https://github.com/google/tsunami-security-scanner-plugins/tree/master/google/detectors/directorytraversal/cve20213223 2023-12-08...
Node-RED-Dashboard 任意文件读取漏洞 (CVE-2021-3223)
...
@ia-cloud/node-red-contrib-ia-cloud-dashboard (>=0.0.1 <=0.1.4), @ia-cloud/node-red-dashboard-2-ia-cloud (>=1.0.0 <=1.0.1) +1 more potentially affected by CVE-2021-3223 via node-red-dashboard (>=2.13.2 <=2.17.0)
node-red-dashboard NPM version =2.13.2, =0.0.1, =1.0.0, =0.1.0, =0.3.0 Source cves: CVE-2021-3223 Source advisory: OSV:GHSA-2HW7-MXVJ-M455...
CVE-2021-3223
CVE-2021-3223 affects Node-RED-Dashboard prior to 2.26.2. A local file inclusion vulnerability arises from directory traversal in ui_base/js/..%2f, allowing an attacker to read files on the server. This is described across multiple sources (NVD entry references LFI with CVSS v3.1 base score 7.5; ...