CVE-2021-43788

Summary

Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

Affected Software

VendorProductVersion RangeStatus
NodeBBNodeBB>= 1.0.4, < 1.18.5affected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References