Moderate severity vulnerability was found in npm nodebb (npm) .

Impact

Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory.

Patches

The vulnerability has been patched as of v1.18.5.

Workarounds

Cherry-pick commit hash c8b2fc46dc698db687379106b3f01c71b80f495f to receive this patch in lieu of a full upgrade.

References


Courtesy:https://github.com/advisories/GHSA-pfj7-2qfw-vwgm

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *