Description
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Remediation
References
https://github.com/node-red/node-red-dashboard/issues/669
https://github.com/node-red/node-red-dashboard/releases/tag/2.26.2
Related Vulnerabilities
CVE-2018-20433 Vulnerability in maven package c3p0:c3p0
CVE-2021-22144 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2022-23510 Vulnerability in npm package @cubejs-backend/api-gateway
CVE-2022-31186 Vulnerability in npm package next-auth
CVE-2023-25761 Vulnerability in maven package org.jenkins-ci.plugins:junit