High severity7.5NVD Advisory· Published Jan 26, 2021· Updated Jun 17, 2026
CVE-2021-25864
CVE-2021-25864
Description
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
node-red-contrib-huemagicnpm | <= 3.0.0 | — |
Affected products
2- node-red-contrib-huemagic/node-red-contrib-huemagicdescription
Patches
Vulnerability mechanics
References
3- github.com/Foddy/node-red-contrib-huemagic/issues/217nvdExploitMitigationThird Party AdvisoryWEB
- github.com/advisories/GHSA-frpw-jrwx-hcfvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-25864ghsaADVISORY
News mentions
0No linked articles in our index yet.