CVE-2021-21297 – Node-Red is a low-code programming for event-driven applications built using nodejs. Node- …

26 February 2021

Vuln ID: CVE-2021-21297

Published: 2021-02-26 17:15:12Z

Description: Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url.

Source: NVD.NIST.GOV

Date:

26 February 2021

Categorie(s):

NVD

Tag(s):

NVD

Apple reportedly cuts Vision Pro production due to low demand25 April 2024
Action needed amid escalating ransomware attacks, record-high payments25 April 2024
Ransomware triggers cyberinsurance claims increase25 April 2024
SSH Backdoor from Compromised XZ Utils Library25 April 2024
“Junk gun” ransomware: the cheap new threat to small businesses25 April 2024