Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2021-3223 — Path traversal in Node-RED-Dashboard · VulnScope

CVE-2021-3223

Path traversal in Node-RED-Dashboard

EPSS 91.5%

Description

In Node-RED-Dashboard before 2.26.2 there is a path traversal vulnerability. It allows ui_base/js/..%2f directory traversal to read files.

How to fix CVE-2021-3223

To remediate CVE-2021-3223, upgrade the affected package to a fixed version below.

npm/node-red-dashboard—upgrade to 2.26.2 or later

Is CVE-2021-3223 being exploited?

Likely — EPSS is 91.5%, placing CVE-2021-3223 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

from 0, < 2.26.2

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-3223
WEBgithub.com/node-red/node-red-dashboard/commit/f48f356df966f607ba3d09c27396074b81f2ae97
WEBgithub.com/node-red/node-red-dashboard/issues/669
WEBgithub.com/node-red/node-red-dashboard/releases/tag/2.26.2

Metadata

Published: 1/29/2021
Modified: 11/8/2023

Also known as:

GHSA-2hw7-mxvj-m455ghsa

WEB

www.npmjs.com/package/node-red-dashboard

npm/node-red-dashboard