Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal in translator module of NobeBB
Vulnerability Description
Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
NodeBB 路径遍历漏洞
Vulnerability Description
NodeBB是Design Create Play团队的一套使用Node.js(一套建立在Google V8 JavaScript引擎之上的网络应用平台)构建的论坛系统。 Nodebb 存在路径遍历漏洞,该漏洞源于在v1.18.5之前,存在一个路径遍历漏洞,允许用户访问预期的“languages”目录之外的JSON文件。攻击者可利用该漏洞访问受限目录之外的位置。
CVSS Information
N/A
Vulnerability Type
N/A