2 matches found
CVE-2020-15236
In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is...
CVE-2020-15236
CVE-2020-15236 affects Wiki.js prior to 2.5.151, enabling directory traversal when a storage module with local asset cache (e.g., Local File System or Git) is active and URL traversal isn’t blocked. The issue allowed reading arbitrary filesystem files via crafted URLs. The fix (commit 084dcd69d15...