190 matches found
rustfs security vulnerability
rustfs is a high-performance object storage system open-sourced by RustFS. A security vulnerability exists in rustfs versions 1.0.0-alpha.13 through 1.0.0-alpha.78, which stems from a flaw in the denyonly short-circuit logic that could lead to elevation of privilege and bypassing session...
PT-2026-2143
Name of the Vulnerable Software and Affected Versions: RustFS versions prior to 1.0.0-alpha.79. Description: RustFS is a distributed object storage system built in Rust. The ImportIam API endpoint incorrectly validates permissions using ExportIAMAction instead of ImportIAMAction. This allows a...
PT-2026-2144
Name of the Vulnerable Software and Affected Versions: RustFS versions 1.0.0-alpha.13 through 1.0.0-alpha.78. Description: RustFS is a distributed object storage system built in Rust. A flaw in the deny only short-circuit within RustFS IAM allows a restricted service account or STS credential to...
CVE-2025-69255
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes get_metrics to unwrap failed deserialization of metric_type/opts, panicking the handler thread and enabling remote denial of service of the metrics...
CVE-2025-68705
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79...
CVE-2025-69255 RustFS gRPC GetMetrics deserialization panic enables remote DoS
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes get_metrics to unwrap failed deserialization of metric_type/opts, panicking the handler thread and enabling remote denial of service of the metrics...
EUVD-2026-1161
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes get_metrics to unwrap failed deserialization of metric_type/opts, panicking the handler thread and enabling remote denial of service of the metrics...
CVE-2025-69255
CVE-2025-69255 affects RustFS, a Rust-based distributed object storage system. The vulnerability lies in the gRPC metrics endpoint GetMetrics handler: deserialization of metric_type/opts can panic when a malformed request is received, causing remote denial of service of the metrics service. Affec...
CVE-2025-68705 RustFS Path Traversal Vulnerability
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79...
EUVD-2026-1162
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79...
CVE-2025-68705
RustFS exposes a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint affecting versions 1.0.0-alpha.13 through 1.0.0-alpha.78; the issue stems from insufficient path validation via volume_dir.join(Path::new(&path)) without canonicalization or boundary checks, allowing paths ...
RustFS gRPC GetMetrics deserialization panic enables remote DoS
Summary: A malformed gRPC GetMetrics request causes get_metrics to unwrap failed deserialization of metric_type/opts, panicking the handler thread and enabling remote denial of service of the metrics endpoint. Details - Vulnerable code: rustfs/src/storage/tonicservice.rs:1775-1782: - MetricType and...
GHSA-GW2X-Q739-QHCR RustFS gRPC GetMetrics deserialization panic enables remote DoS
Summary: A malformed gRPC GetMetrics request causes get_metrics to unwrap failed deserialization of metric_type/opts, panicking the handler thread and enabling remote denial of service of the metrics endpoint. Details - Vulnerable code: rustfs/src/storage/tonicservice.rs:1775-1782: - MetricType and...
GHSA-PQ29-69JG-9MXC RustFS Path Traversal Vulnerability
RustFS Path Traversal Vulnerability. Vulnerability Details - CVE ID: - Severity: Critical CVSS estimated 9.9 - Impact: Arbitrary File Read/Write - Component: /rustfs/rpc/read_file_stream endpoint - Root Cause: Insufficient path validation in crates/ecstore/src/disk/local.rs:1791 Vulnerable Code rust...
RustFS Path Traversal Vulnerability
RustFS Path Traversal Vulnerability. Vulnerability Details - CVE ID: - Severity: Critical CVSS estimated 9.9 - Impact: Arbitrary File Read/Write - Component: /rustfs/rpc/read_file_stream endpoint - Root Cause: Insufficient path validation in crates/ecstore/src/disk/local.rs:1791 Vulnerable Code rust...
rustfs security vulnerability
rustfs is a high-performance object storage system open-sourced by RustFS. A security vulnerability exists in rustfs versions 1.0.0-alpha.13 through 1.0.0-alpha.77, which stems from a deserialization failure when processing a malformed gRPC GetMetrics request, which could lead to a remote...
PT-2026-1935
Name of the Vulnerable Software and Affected Versions: RustFS versions 1.0.0-alpha.13 through 1.0.0-alpha.77. Description: RustFS is a distributed object storage system built in Rust. A malformed gRPC GetMetrics request can cause the get metrics function to fail during deserialization of metric...