cve/CVE-2021-21297.md at 93476d6c370e261fdc1b2b03a08066de45e4892d

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Lora-net/node-red-contrib-loracloud-utils
https://github.com/bsunobs-github-io/node-red-contrib-loracloud-utils

1.3 KiB Raw Blame History

CVE-2021-21297

Description

POC

Reference

Github

1.3 KiB

Raw Blame History