CVE-2021-3152

** DISPUTED ** Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:home-assistant:home-assistant:*:*:*:*:*:*:*:*

Information

Published : 2021-01-26 10:16

Updated : 2021-02-02 08:35


NVD link : CVE-2021-3152

Mitre link : CVE-2021-3152


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

home-assistant

  • home-assistant