CVE-2021-43786
Improper Authentication in npm/nodebb
Identifiers
CVE-2021-43786, GHSA-hf2m-j98r-4fqw
Package Slug
npm/nodebb
Vulnerability
Improper Authentication
Description
Incorrect logic present in the token verification step unintentionally allowed master token access to the API.
Affected Versions
All versions starting from 1.15.0 up to 1.18.4
Solution
Upgrade to version 1.18.5 or above.
Last Modified
2021-12-01
| source |