node-red-dashboard@2.17.0 vulnerabilities

A set of dashboard nodes for Node-RED

latest version

3.6.5
latest non vulnerable version

3.6.5
first published

8 years ago
latest version published

8 months ago
licenses detected
- Apache-2.0
  >=2.1.0
View node-red-dashboard package health on Snyk Advisor Open this link in a new tab

Known vulnerabilities in the node-red-dashboard package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
L Improper Neutralization node-red-dashboard is a provides a set of nodes in Node-RED to quickly create a live data dashboard. Affected versions of this package are vulnerable to Improper Neutralization due to improper user-input sanitization in `ui-component-ctrl.js` file, via `ui_text` format input. How to fix Improper Neutralization? Upgrade `node-red-dashboard` to version 3.2.0 or higher.	<3.2.0
M Directory Traversal node-red-dashboard is a provides a set of nodes in Node-RED to quickly create a live data dashboard. Affected versions of this package are vulnerable to Directory Traversal. Allows `ui_base/js/..%2f` directory traversal to read files. How to fix Directory Traversal? Upgrade `node-red-dashboard` to version 2.26.2 or higher.	<2.26.2