QwikSec

Security Database

CVE

CWE

Training

CVE-2021-43788

Published: Nov 29, 2021

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

5.0

MEDIUM

Description

Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

Vendor	Product	Versions
NodeBB	NodeBB	affected `>= 1.0.4, < 1.18.5`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

References

https://github.com/NodeBB/NodeBB/releases/tag/v1.18.5

x_refsource_MISC

https://github.com/NodeBB/NodeBB/security/advisories/GHSA-pfj7-2qfw-vwgm

x_refsource_CONFIRM

https://github.com/NodeBB/NodeBB/commit/c8b2fc46dc698db687379106b3f01c71b80f495f

x_refsource_MISC

https://blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.