Description
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 3.0.0
References
Related Issues
- Path Traversal in http-server-node - CVE-2021-23797
- Path traversal in url-parse - CVE-2021-27515
- Path Traversal in html-pages - CVE-2018-3744
- Path traversal in rollup-plugin-serve - CVE-2020-7684
- Tags:
- npm
- node-red-contrib-huemagic
Anything's wrong? Let us know Last updated on September 07, 2023