Moderate severityNVD Advisory· Published Nov 29, 2021· Updated Aug 4, 2024
Path traversal in translator module of NobeBB
CVE-2021-43788
Description
Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nodebbnpm | >= 1.0.4, < 1.18.5 | 1.18.5 |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-pfj7-2qfw-vwgmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-43788ghsaADVISORY
- blog.sonarsource.com/nodebb-remote-code-execution-with-one-shotghsaWEB
- blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot/mitrex_refsource_MISC
- github.com/NodeBB/NodeBB/commit/c8b2fc46dc698db687379106b3f01c71b80f495fghsax_refsource_MISCWEB
- github.com/NodeBB/NodeBB/releases/tag/v1.18.5ghsax_refsource_MISCWEB
- github.com/NodeBB/NodeBB/security/advisories/GHSA-pfj7-2qfw-vwgmghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.