The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.

Affected Packages

npm atlasboard

Affected versions: 0 (fixed in 1.1.9)

Related CVEs

CVE-2021-39109

Key Information

GHSA ID

GHSA-25pr-6pr6-68v7

Published

September 2, 2021 5:17 PM

Last Modified

October 14, 2024 7:41 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

atlasboard

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.