Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5
CVE-2021-21297
- EPSS 0.23%
- Veröffentlicht 26.02.2021 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:47:58
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript O...
6.5
CVE-2021-21298
- EPSS 0.37%
- Veröffentlicht 26.02.2021 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:47:58
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with `projects....
5.4
CVE-2019-15607
- EPSS 0.2%
- Veröffentlicht 28.01.2020 03:15:10
- Zuletzt bearbeitet 21.11.2024 04:29:07
A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc.
1