0.001 Low
EPSS
Percentile
43.1%
nodebb is vulnerable to path traversal. An attacker can access JSON files outside of the expected languages/ directory through the Languages.get function in languages.js
languages/
Languages.get
languages.js
blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot/
github.com/NodeBB/NodeBB/commit/c8b2fc46dc698db687379106b3f01c71b80f495f
github.com/NodeBB/NodeBB/releases/tag/v1.18.5
github.com/NodeBB/NodeBB/security/advisories/GHSA-pfj7-2qfw-vwgm