node-red-dashboard is vulnerable to directory traversal. The URL path is not validated, so an attacker can access system files outside of the webroot via a malicious URL containing encoded `../` sequences, such as `/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd`.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | node-red-dashboard | le | 2.26.1 |