PT-2021-16821 · Node Red · Node-Red-Contrib-Huemagic
Name of the Vulnerable Software and Affected Versions: node-red-contrib-huemagic version 3.0.0 Description: The issue allows for Directory Traversal, enabling access to arbitrary files. This is achieved through the res.sendFile API in the file hue-magic.js, using the hue/assets/..%2F path...