Arbitrary file deletion

2021-01-2618:16:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.282 Low

EPSS

Percentile

96.9%

JSON

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/…%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.

CPENameOperatorVersion
huemagiceq3.0.0

CPE	Name	Operator	Version
	huemagic	eq	3.0.0

References

github.com/Foddy/node-red-contrib-huemagic/issues/217