Description

Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

Remediation

References

https://github.com/NodeBB/NodeBB/releases/tag/v1.18.5

https://github.com/NodeBB/NodeBB/commit/1783f918bc19568f421473824461ff2ed7755e4c

https://github.com/NodeBB/NodeBB/security/advisories/GHSA-wx69-rvg3-x7fc

https://blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot/

Related Vulnerabilities

CVE-2023-39151 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-11619 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2020-13921 Vulnerability in maven package org.apache.skywalking:storage-jdbc-hikaricp-plugin

CVE-2021-21624 Vulnerability in maven package org.jenkins-ci.plugins:role-strategy

CVE-2022-1929 Vulnerability in npm package devcert

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Release Notes Third Party Advisory Exploit