32 matches found
graphql-mesh 路径遍历漏洞
graphql-mesh is an application by Arda TANRIKULU Individual Developer. A path traversal vulnerability exists in graphql-mesh, which stems from a lack of checks in the static file handler that could lead to arbitrary file reads and leak server data...
python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations
A vulnerability was found in the python-tornado library. This flaw causes an open redirect vulnerability that allows a remote, unauthenticated attacker to redirect a user to an arbitrary website and conduct a phishing attack by having the user access a specially crafted URL...
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler
Summary Missing check vulnerability in the static file handler allows any client to access the files in the server's file system Details When staticFiles is set in the serve settings in the configuration file, the following handler doesn't check if absolutePath is still under the directory provid...
GO-2023-1567 Open redirect in github.com/caddyserver/caddy/v2
Due to improper request sanitization, a crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...
Echo vulnerable to directory traversal
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
GHSA-J453-HM5X-C46W Echo vulnerable to directory traversal
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
UBUNTU-CVE-2020-36565
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
labstack echo 路径遍历漏洞
labstack echo is the high-performance, minimalist Go Web framework. A security vulnerability exists in the previous version of labstack echo v4.1.18-0.20201215153152-4422e3b66b9f, which stems from incorrect cleanup of user input on Windows, where the static file handler allows for directory...
PT-2022-23818 · Unknown · Patrickfuller Camp
Name of the Vulnerable Software and Affected Versions: patrickfuller camp versions up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 Description: The issue concerns Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root director...
GO-2021-0051 Directory traversal on Windows in github.com/labstack/echo/v4
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
GO-2020-0039 Open redirect in gopkg.in/macaron.v1
Due to improper request sanitization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...
PT-2021-12080 · Unknown · Static File Handler
Name of the Vulnerable Software and Affected Versions: Static File Handler affected versions not specified Description: The issue arises from improper sanitization of user input on Windows, allowing the static file handler to permit directory traversal. This enables an attacker to read files...