CVE-2021-43788

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in npm/nodebb

Identifiers

CVE-2021-43788, GHSA-pfj7-2qfw-vwgm

Package Slug

npm/nodebb

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Nodebb is an open source Node.js based forum software. A path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory.

Affected Versions

All versions starting from 1.0.4 up to 1.18.4

Solution

Upgrade to version 1.18.5 or above.

Last Modified

2021-12-01

source