CVE-2021-21297

Published: 26/02/2021 | Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED 1.2.7 and previous versions contain a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object, with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor URL.

Vulnerable Product

nodered node-red

Github Repositories

Node-RED node allowing easy integration with LoRa Cloud

Description: This package is a collection of nodes for Node-RED which helps connection to LoRa Cloud. An example is included to demonstrate a LoRaWAN application server working with Semtech modems. Detailed instructions are provided on online documentation. Provided nodes are: LoRa Network servers connectors, formatting payload from LNS for LoRa Cloud Device & Applicat