RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Users unable to upgrade should avoid exposing their development server to the internet. A patch has been introduced in and which mitigates the issue. It should be noted that by default `gatsby develop` is only accessible via the localhost `127.0.0.1`, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as `-host 0.0.0.0`, `-H 0.0.0.0`, or the `GATSBY_HOST=0.0.0.0` environment variable. Any file in scope of the development server could potentially be exposed. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `_file-code-frame` and `_original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby develop`). Gatsby is a free and open source framework based on React.
0 kommentar(er)
