Arbitrary Code Execution
Affecting nodebb package, versions >=0.4.3 <1.4.1
Report new vulnerabilities
Do your applications use this vulnerable package?
Test your applications
Overview
nodebb
is a NodeBB Forum.
Affected versions of the package are vulnerable to Arbitrary code execution .
Remediation
Upgrade nodebb
to version 1.4.1 or higher.
References
CVSS Score
5.6
medium severity
-
Attack VectorNetwork
-
Attack ComplexityHigh
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityLow
-
IntegrityLow
-
AvailabilityLow
- Credit
- Ben Lubar
- CWE
- CWE-94
- Snyk ID
- npm:nodebb:20161120
- Disclosed
- 19 Nov, 2016
- Published
- 03 Apr, 2017