GHSA-vh2g-6c4x-5hmp: Path traversal and code execution via prototype vulnerability

Impact

Due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to execute arbitrary JavaScript files on the local disk.
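The class of bug described above, as an added example (not NodeBB's code and not taken from the fix commit): a server-chosen `type` merged with client data in the wrong order, shown beside a corrected merge and an allowlist check. The function names, the `jobs/export-*.js` layout, the set of export types and the sample payload are assumptions constructed for illustration.

```javascript
// Added illustration. All names here are hypothetical, not NodeBB identifiers.

// Export kinds the server is willing to run a job for (assumed set).
const EXPORT_TYPES = new Set(['profile', 'posts', 'uploads']);

// BEFORE: the server-chosen `type` is written first, so a `type` key in the
// client-supplied object silently replaces it when that object is spread.
function buildJobRequestVulnerable(serverType, clientData) {
  return { type: serverType, ...clientData };
}

// AFTER: client fields are spread first and the server value is written last,
// so the server value always wins regardless of what the client sent.
function buildJobRequestFixed(serverType, clientData) {
  return { ...clientData, type: serverType };
}

// Defense in depth: accept only known types before building a script path,
// so path separators and ".." can never reach the code that loads the file.
function jobScriptFor(type) {
  if (typeof type !== 'string' || !EXPORT_TYPES.has(type)) {
    throw new RangeError('unsupported export type');
  }
  return `jobs/export-${type}.js`;
}

// Constructed sample payload: a client object carrying an unexpected `type`.
const SAMPLE_PAYLOAD = { uid: 1, type: '../elsewhere/file' };

// Runs the sample through both merges and reports what each would load.
function compareMerges(payload = SAMPLE_PAYLOAD) {
  const before = buildJobRequestVulnerable('profile', payload);
  const after = buildJobRequestFixed('profile', payload);
  let rejected = false;
  try {
    jobScriptFor(before.type); // allowlist stops the overwritten value
  } catch (err) {
    rejected = err instanceof RangeError;
  }
  return {
    typeBefore: before.type,
    typeAfter: after.type,
    overwrittenTypeRejected: rejected,
    scriptAfter: jobScriptFor(after.type),
  };
}
```

Either control alone closes this path; keeping both means a later change to the merge order does not reopen it.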

Patches

Patched in v2.8.7

Workarounds

Site maintainers can cherry-pick commit ec58700f6dff8e5b4af1544f6205ec362b593092 into their codebase to patch the vulnerability.

Package

nodebb (npm)

Affected versions

>= 2.5.0, < 2.8.7

Patched versions

2.8.7

References

  • GHSA-vh2g-6c4x-5hmp
  • https://nvd.nist.gov/vuln/detail/CVE-2023-26045
  • NodeBB/NodeBB@ec58700

julianlam published to NodeBB/NodeBB

Jul 24, 2023

Published to the GitHub Advisory Database

Jul 25, 2023

Reviewed

Jul 25, 2023

Related news

CVE-2023-26045: fix: object destructuring overwriting type parameter · NodeBB/NodeBB@ec58700

NodeBB is Node.js-based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to execute arbitrary JavaScript files on the local disk. This issue is patched in version 2.8.7. As a workaround, site maintainers can cherry-pick the fix into their codebase to patch the vulnerability.
