CVE-2021-25864

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.

Link	Resource
https://github.com/Foddy/node-red-contrib-huemagic/issues/217	Exploit Mitigation

Configuration 1

cpe:2.3:a:node-red-contrib-huemagic_project:node-red-contrib-huemagic:3.0.0:*:*:*:*:node.js:*:*

---

Published : 2021-01-26 06:16

Updated : 2021-02-02 09:13

---

NVD link : CVE-2021-25864

Mitre link : CVE-2021-25864

No products.

CWE-22