Description
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Remediation
References
https://github.com/node-red/node-red-dashboard/issues/669
https://github.com/node-red/node-red-dashboard/releases/tag/2.26.2
Related Vulnerabilities
CVE-2016-2173 Vulnerability in maven package org.springframework.amqp:spring-amqp
CVE-2020-27428 Vulnerability in npm package scratch-svg-renderer
CVE-2019-1003056 Vulnerability in maven package org.jenkins-ci.plugins:websphere-deployer
CVE-2022-0436 Vulnerability in maven package org.webjars.npm:grunt