Description
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Remediation
References
https://github.com/node-red/node-red-dashboard/issues/669
https://github.com/node-red/node-red-dashboard/releases/tag/2.26.2
Related Vulnerabilities
CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-common
CVE-2022-0686 Vulnerability in npm package url-parse
CVE-2018-12537 Vulnerability in maven package io.vertx:vertx-core
CVE-2019-10754 Vulnerability in maven package org.apereo.cas:cas-server-support-shell
CVE-2020-11009 Vulnerability in maven package org.rundeck:rundeck