Lucene search
K

7 matches found

NVD
NVD
added 3 hours ago3 views

CVE-2026-55874

SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by CopyObject and UploadPartCopy, allowing an authenticated identity scoped to one bucket to read objects from other buckets through server-side...

7.7CVSS
Exploits0References4
Cvelist
Cvelist
added 4 hours ago7 views

CVE-2026-55874 SeaweedFS: Path traversal in the S3 gateway X-Amz-Copy-Source header allows cross-bucket object read

SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by CopyObject and UploadPartCopy, allowing an authenticated identity scoped to one bucket to read objects from other buckets through server-side...

7.7CVSS
Exploits0References4
CVE
CVE
added 4 hours ago10 views

CVE-2026-55874

SeaweedFS's S3 API gateway is affected prior to version 4.34 by a path traversal issue in the X-Amz-Copy-Source header (dot-dot segments) that can enable an authenticated user scoped to one bucket to read objects from other buckets via server-side copy. The issue is documented across CVE-2026-558...

7.7CVSS6AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/02/17 12:55 a.m.12 views

rgw: RGW DoS attack with empty HTTP header in S3 object copy

A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues...

7.5CVSS5.7AI score0.00399EPSS
Exploits1References5
OSV
OSV
added 2025/11/12 7:15 p.m.4 views

UBUNTU-CVE-2024-47866

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

7.5CVSS5.7AI score0.00399EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/11/12 6:33 a.m.7 views

CVE-2024-47866

A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteri...

7.5CVSS6AI score0.00399EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.4 views

Ceph 输入验证错误漏洞

Ceph is a file storage platform from Ceph open source. An input validation error vulnerability exists in Ceph 19.2.3 and earlier versions, which stems from improper handling of the x-amz-copy-source parameter and could lead to a denial of service...

7.5CVSS6.3AI score0.00399EPSS
Exploits1References4
Rows per page
Query Builder