CVE-2021-43788

Name of the Vulnerable Software and Affected Versions: Nodebb versions prior to 1.18.5

Description: A path traversal issue allowed users to access JSON files outside of the expected languages/ directory. This issue has been patched as of version 1.18.5. Users are advised to upgrade as soon as possible.

Recommendations: For versions prior to 1.18.5, upgrade to version 1.18.5 or later to resolve the issue. As a temporary workaround, consider cherry-picking commit hash c8b2fc46dc698db687379106b3f01c71b80f495f to receive the patch in lieu of a full upgrade.