VYPR
High severity7.5NVD Advisory· Published Jan 26, 2021· Updated Jun 17, 2026

CVE-2021-25864

CVE-2021-25864

Description

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
node-red-contrib-huemagicnpm
<= 3.0.0

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.