11 matches found
EUVD-2021-0559
Malware in sbrugna...
CVE-2021-21298
Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via t...
CVE-2024-9099
In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to...
CVE-2023-4647 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances...
PT-2023-30038 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 15.2 through 16.1.4; GitLab versions 16.2 through 16.2.4; GitLab versions 16.3 through 16.3.0. Description: An issue has been discovered in GitLab where the projects API pagination can be skipped, potentially leading to Denial of...
Directory Traversal
@node-red/runtime is vulnerable to directory traversal. The vulnerability exists as users with the projects.read permission can access any file via the Projects API...
Path traversal
Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via t...
Path traversal in Node-Red
Impact: This vulnerability allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via the Projects API. Patches: The issue has been patched in Node-RED 1.2.8. Workarounds: The vulnerability applies only...
GHSA-M33V-338H-4V9F Path traversal in Node-Red
Impact: This vulnerability allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via the Projects API. Patches: The issue has been patched in Node-RED 1.2.8. Workarounds: The vulnerability applies only...
CVE-2021-21298
CVE-2021-21298 affects Node-RED up to v1.2.7 with a path traversal vulnerability via the Projects API. When the Projects feature is enabled, a user with projects.read can access arbitrary files through the Projects API. The issue has been fixed in Node-RED v1.2.8. The vulnerability applies only t...
CVE-2021-21298 Path traversal in Node-Red
Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via t...