Path Traversal Vulnerability in Nodebb v1.18.5 and Earlier

Path Traversal Vulnerability in Nodebb v1.18.5 and Earlier

CVE-2021-43788 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

Learn more about our Open Source Audit.