Lucene search
+L

4 matches found

Snyk
Snyk
added 2026/06/19 7:7 a.m.7 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path in DataSourceStream, which resolves control-plane-supplied DataSourceStream resolves the filename and environmentvariable fields without restriction. An attacker in a MitM position can access...

5.9CVSS6AI score0.00198EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 4:29 a.m.28 views

CVE-2026-11752

Armeria-xds versions 1.38.0–1.39.0 contain a vulnerability in DataSourceStream where control-plane-supplied filenames and environment_variable fields from SDS secrets are resolved without any allow-list or base-directory confinement. A semi-trusted or compromised xDS control plane (or an attacker...

5.9CVSS5.4AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 4:29 a.m.33 views

CVE-2026-11752

A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local...

5.9CVSS0.00198EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 4:29 a.m.5 views

CVE-2026-11752

A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local...

5.9CVSS5.9AI score0.00198EPSS
Exploits0References3
Rows per page
Query Builder