PT-2023-12101 · Unknown · Node-Red-Contrib-Huemagic

Martinzhou2015 · Published 2023-08-11 · Updated 2023-08-16 · CVE-2021-26504

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

node-red-contrib-huemagic version 3.0.0

Description

The issue allows remote attackers to gain sensitive information through the res.sendFile API in hue-magic.js using a crafted request. This is a Directory Traversal vulnerability, which can be exploited by sending a specially crafted request to the affected system.

Recommendations

For node-red-contrib-huemagic version 3.0.0, consider disabling the res.sendFile function in hue-magic.js until a patch is available to prevent potential exploitation. Restrict access to sensitive information and files to minimize the risk of unauthorized access.
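
One way to confine a handler that passes request input to res.sendFile, shown as an added example (not code from node-red-contrib-huemagic or from this advisory). BASE_DIR, resolveInside, serveAsset, the `file` route parameter and the sample requests are assumptions made for illustration.

```javascript
// Added example, not code from node-red-contrib-huemagic.
// BASE_DIR, the route parameter name and the sample requests are constructed.
const path = require("path");

const BASE_DIR = "/opt/node-red/static"; // hypothetical asset directory

// Return an absolute path that is strictly below baseDir, or null.
function resolveInside(baseDir, requested) {
  if (typeof requested !== "string" || requested.includes("\0")) return null;
  const root = path.resolve(baseDir);
  // path.resolve collapses "." and ".." segments. An absolute `requested`
  // replaces root entirely, which the prefix check below then rejects.
  const target = path.resolve(root, requested);
  // Compare against root + separator so "/opt/node-red/static-old" is not
  // accepted as a child of "/opt/node-red/static".
  if (!target.startsWith(root + path.sep)) return null;
  return target;
}

// Express-style handler: the file is sent only when the resolved path
// stays inside BASE_DIR; everything else gets a 400.
function serveAsset(req, res) {
  const target = resolveInside(BASE_DIR, req.params.file);
  if (target === null) {
    res.status(400).send("invalid path");
    return;
  }
  res.sendFile(target);
}

// Constructed requests run through the check.
function demo() {
  const samples = [
    "icons/bulb.png",          // legitimate asset
    "../../../etc/passwd",     // climbs out with ".." segments
    "/etc/passwd",             // absolute path
    "../static-old/key.pem",   // sibling directory sharing the prefix
    "icons/../../settings.js", // ".." hidden behind a valid segment
  ];
  return samples.map((s) => [s, resolveInside(BASE_DIR, s)]);
}

console.log(demo());
```

The check is lexical: it does not resolve symbolic links, so a symlink placed inside the base directory can still point outside it.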

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2021-26504

Affected Products

Node-Red-Contrib-Huemagic