GO-2026-4474 File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser

File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser...

File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL

Summary An authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashes e.g., //private/ to the path, the authorization check fails to match the rule, while the underlying filesystem resolves the path correctly, granting...

GHSA-4MH3-H929-W968 File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL

Summary An authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashes e.g., //private/ to the path, the authorization check fails to match the rule, while the underlying filesystem resolves the path correctly, granting...

HashiCorp Consul 安全漏洞

HashiCorp Consul is a suite of distributed, highly available data center-aware solutions from HashiCorp, USA. The product is used to connect and configure applications across dynamically distributed infrastructures. A security vulnerability exists in HashiCorp Consul that stems from the use of UR...

Mageia: Security Advisory (MGASA-2015-0231)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Information Disclosure

subversion is vulnerable to information disclosure. An information disclosure flaw was found in the way the moddavsvn module processed certain URLs when path-based access control for files and directories was enabled. A malicious, remote user could possibly use this flaw to access certain files i...

Denial Of Service (DoS)

subversion is vulnerable to denial of service. An infinite loop flaw was found in the way the moddavsvn module processed certain data sets. If the SVNPathAuthz directive was set to "shortcircuit", and path-based access control for files and directories was enabled, a malicious, remote user could...

CentOS Update for mod_dav_svn CESA-2011:0862 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

(mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is enabled, allows remote attackers to cause a denial of service infinite loop and memory consumption in opportunistic circumstances by...