Vulnerabilities > F5 > Nginx Controller > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-12-11 CVE-2020-27730 Path Traversal vulnerability in multiple products
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
network
low complexity
f5 netapp CWE-22
critical
 9.8
9.8
2020-07-01 CVE-2020-5901 Cross-site Scripting vulnerability in F5 Nginx Controller 3.3.0/3.4.0
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack.
network
low complexity
f5 CWE-79
critical
 9.6
9.6