Dgtl Huemagic vulnerabilities
2 known vulnerabilities affecting dgtl/huemagic.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2021-25864P1HIGHCVSS 7.5ExploitedPoCv3.0.02021-01-26
CVE-2021-25864 [HIGH] CWE-22 CVE-2021-25864: node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendF
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
nvd
CVE-2021-26504P3HIGHCVSS 7.5v3.0.02023-08-11
CVE-2021-26504 [HIGH] CWE-22 CVE-2021-26504: Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote at
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js.
nvd