5 matches found
CVE-2021-26504
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js...
Directory traversal
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js...
CVE-2021-26504
CVE-2021-26504 affects Foddy’s node-red-contrib-huemagic (v3.0.0). The vulnerability is a directory traversal in the hue-magic.js res.sendFile API, enabling remote attackers to read sensitive information. CVSS v3.1 base score 7.5 (HIGH) with NETWORK attack vector, LOW attack complexity, and no pr...
CVE-2021-26504
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js...
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...