CVE-2021-26504

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 11, 2023
Updated: Aug 16, 2023
CWE ID 22

Summary

CVE-2021-26504 is a directory traversal vulnerability in Foddy's node-red-contrib-huemagic package, version 3.0.0. The weakness is in the hue-magic.js file, in its use of the res.sendFile API, and an attacker can exploit it to access sensitive information. It arises when user-supplied input is not properly validated, so a crafted request can bypass the intended file access restrictions. The issue poses a significant risk because it can lead to the disclosure of critical data. Users should upgrade to a patched version of node-red-contrib-huemagic as soon as possible to mitigate this threat.
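The class of flaw described above (CWE-22 in a file-serving handler), as an added example that is not code from node-red-contrib-huemagic or from this advisory: a naive path join beside a resolver that checks containment before the path would be handed to res.sendFile. The root directory, function names and sample inputs are constructed assumptions.

```javascript
// Added example; not the package's own code. Node.js standard library only.
const path = require('path');

// Hypothetical directory the handler is meant to serve files from.
const STATIC_ROOT = path.resolve('/opt/app/static');

// "Before": join the request value onto the root and use the result as-is.
// path.join normalises ".." segments, so the result can leave STATIC_ROOT.
function naiveResolve(requested) {
  return path.join(STATIC_ROOT, requested);
}

// "After": decode, reject NUL bytes, resolve, then verify containment.
// Returns an absolute path inside STATIC_ROOT, or null if the request
// must be refused (the handler would answer 400/404 instead of sending).
function safeResolve(requested) {
  let decoded;
  try {
    // Decoding here means percent-encoded "../" is seen by the check below.
    decoded = decodeURIComponent(requested);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null;

  // The "./" prefix makes an absolute-looking input resolve under the root.
  const candidate = path.resolve(STATIC_ROOT, '.' + path.sep + decoded);
  const rel = path.relative(STATIC_ROOT, candidate);

  // Compare on path segments, not string prefixes: a plain startsWith()
  // on STATIC_ROOT would accept the sibling "/opt/app/static-secrets".
  const escapes =
    rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  if (rel === '' || escapes) return null; // root itself is not a file
  return candidate;
}

// Constructed sample requests, for running the file directly.
const SAMPLES = [
  'images/bridge.png',
  '../../../etc/passwd',
  '%2e%2e%2f%2e%2e%2fetc%2fpasswd',
  '../static-secrets/key.pem',
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', safeResolve(s) ?? 'REFUSED');
}
```

The check is lexical only; if the served directory can contain symlinks, resolve the candidate with fs.realpath and repeat the containment test on the result.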
