CVE-2021-43786, GHSA-hf2m-j98r-4fqw
npm/nodebb
Improper Authentication
Incorrect logic present in the token verification step unintentionally allowed master token access to the API.
All versions starting from 1.15.0 up to 1.18.4
Upgrade to version 1.18.5 or above.
2021-12-01
source |