Directory Traversal Vulnerability in Node-RED-Dashboard (before 2.26.2) Allows Unauthorized File Read

CVE-2021-3223 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.

Learn more about our Web Application Penetration Testing UK.