Path traversal in translator module of NobeBB
CVE-2021-43788

5MEDIUM

Key Information:

Vendor

Nodebb

Status
Vendor
CVE Published:
29 November 2021

What is CVE-2021-43788?

Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

Affected Version(s)

NodeBB >= 1.0.4, < 1.18.5

References

EPSS Score

25% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.