Base Score

MEDIUM5

CVE-2021-43788

Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

VectorNETWORK

Published Bysecurity-advisories@github.com

Published DateNov 29, 2021, 20:15

Affected Versions(1)

nodebb(npm)

Introduced1.0.4

Fixed1.18.5

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
nodebb(npm)	1.0.4	1.18.5	N/A

Weakness Type (CWE):CWE-22

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE

References

Base Score

MEDIUM5

Weakness Type (CWE):CWE-22

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE