CVE-2021-43787

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-43787

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43787.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-43787

Aliases

GHSA-wx69-rvg3-x7fc

Related

GHSA-wx69-rvg3-x7fc

Published

2021-11-29T20:15:08.190Z

Modified

2026-03-14T14:58:59.258512Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

References

Affected packages

Git / github.com/nodebb/nodebb

Affected ranges

Type

GIT

Repo

https://github.com/nodebb/nodebb

Events

Introduced

e8ca993aac4b90cfea131050814a19e144a27094

Last affected

abbbc3d7c2c75a7877ee55debb9f47114e692778

Fixed

1783f918bc19568f421473824461ff2ed7755e4c

Fixed

c28ac8ec52910c4f9fffec5fb11de2705126c790

Database specific

{
    "versions": [
        {
            "introduced": "1.15.5"
        },
        {
            "last_affected": "1.18.4"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43787.json"