Node-Red Security Vulnerabilities
Node-Red is an open source stream-based visual programming development tool for connecting hardware devices, APIs and online services together as part of the Internet of Things. The Node-Red admin API contains a Prototype Pollution vulnerability. An...
Node-RED Path Traversal Vulnerability
Node-Red is an open source stream-based visual programming development tool for connecting hardware devices, APIs and online services together as part of the Internet of Things. A path traversal vulnerability exists in Node-RED 1.2.7 and earlier, which allows arbitrary path traversal via the...
Path Traversal
Overview: In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. In /nodes/uibase.js, the URL is matched with '/uibase/js/' and then passed to path.join. The lack of verification of the final path leads to a path traversal vulnerability. Recommendation: Upgrade to fix version...
GHSA-2HW7-MXVJ-M455 Path traversal in Node-RED-Dashboard
In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. It allows uibase/js/..%2f directory traversal to read files...
@ia-cloud/node-red-contrib-ia-cloud-dashboard (>=0.0.1 <=0.1.4), @ia-cloud/node-red-dashboard-2-ia-cloud (>=1.0.0 <=1.0.1) +1 more potentially affected by CVE-2021-3223 via node-red-dashboard (>=2.13.2 <=2.17.0)
node-red-dashboard NPM version =2.13.2, =0.0.1, =1.0.0, =0.1.0, =0.3.0 Source cves: CVE-2021-3223 Source advisory: OSV:GHSA-2HW7-MXVJ-M455...
Path traversal in Node-RED-Dashboard
In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. It allows uibase/js/..%2f directory traversal to read files...
Directory Traversal
node-red-dashboard is vulnerable to directory traversal. Lack of validation in the URL allows an attacker to access system files outside of the webroot via a malicious URL such as /uibase/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd...
Directory Traversal
node-red-contrib-huemagic is vulnerable to directory traversal. The vulnerability exists as the res.sendFile parameter in the API in hue-magic.js is not sanitized, allowing an attacker to fetch arbitrary files on the server by appending ../ to the URL of the target host...
CVE-2021-3223
Node-RED-Dashboard before 2.26.2 allows uibase/js/..%2f directory traversal to read files...
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...
Directory traversal
Node-RED-Dashboard before 2.26.2 allows uibase/js/..%2f directory traversal to read files...
Arbitrary file deletion
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...
CVE-2021-25864
Hue Magic 3.0.0 is vulnerable to local file inclusion via the res.sendFile API in hue-magic.js, allowing an attacker to fetch arbitrary files on the server. This CVE (CVE-2021-25864) is documented in multiple sources (including a Nuclei template and advisories) as an LFI with potential to expose ...
CVE-2021-3223
CVE-2021-3223 affects Node-RED-Dashboard prior to 2.26.2. A local file inclusion vulnerability arises from directory traversal in ui_base/js/..%2f, allowing an attacker to read files on the server. This is described across multiple sources (NVD entry references LFI with CVSS v3.1 base score 7.5; ...
Node-RED-Dashboard Path Traversal Vulnerability
A path traversal vulnerability exists in Node-RED-Dashboard before 2.26.2, which can be exploited by an attacker to traverse paths...
node-red-contrib-huemagic path traversal vulnerability
node-red-contrib-huemagic is a solution for Foddy Personal Developer. A path traversal vulnerability exists in node-red-contrib-huemagic 3.0.0, which can be exploited to obtain arbitrary files...
Tree-Tracker - Auditing a Log Harvest using IOT Edge Connect and node-red
At long last, Blue Water Farm is generating revenue! Around 20 acres of our land consists of dense, mature hardwood of oak, maple, and beech, and we were able to contract to sell 65 maple and 25 oak trees to a logging company. I won't be retiring from Akamai any time soon from our logging windfal...