CVE-2021-43788, GHSA-pfj7-2qfw-vwgm
npm/nodebb
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Nodebb is an open source Node.js based forum software. A path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/
directory.
All versions starting from 1.0.4 up to 1.18.4
Upgrade to version 1.18.5 or above.
2021-12-01
source |