Description
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Remediation
References
https://github.com/node-red/node-red-dashboard/issues/669
https://github.com/node-red/node-red-dashboard/releases/tag/2.26.2
Related Vulnerabilities
CVE-2011-5057 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2017-18239 Vulnerability in maven package com.jason-goodwin:authentikat-jwt_2.10
CVE-2019-17571 Vulnerability in maven package log4j:log4j
CVE-2020-36185 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2019-10364 Vulnerability in maven package org.jenkins-ci.plugins:ec2