CVE-2021-43788
published 2021-11-29

Priority: P3, 38; medium, 5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
EPSS: 25.84% (97.7th percentile)

NodeBB is an open source Node.js-based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| nodebb | nodebb |  |  |
| nodebb | nodebb | >= 1.0.4 < 1.18.5 | 1.18.5 |
| nodebb | nodebb | 1.0.4 – 1.18.4 |  |

CVSS provenance

- nvd, v3.1: 5.0 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
- nvd, v2.0: 4.0 MEDIUM, AV:N/AC:L/Au:S/C:P/I:N/A:N