9 matches found
SUSE CVE-2026-27598
Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...
GO-2026-4542 Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory in github.com/dagu-org/dagu
Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory in github.com/dagu-org/dagu...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the CreateNewDAG API endpoint when the DAG name is not properly validated before being passed to the file store. An attacker can write arbitrary YAML files outside the intended directory, potentially overwriting...
CVE-2026-27598
CVE-2026-27598 affects Dagu up to version 1.16.7. The issue is in the CreateNewDAG API (POST /api/v1/dags) where DAG name validation is skipped before writing to the file store, allowing an authenticated user with DAG write permissions to write arbitrary YAML files on the filesystem. Since Dagu e...
CVE-2026-27598 Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory
Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...
CVE-2026-27598 Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory
Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...
GHSA-6V48-FCQ6-FF23 Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory
The CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. While RenameDAG calls core.ValidateDAGName to reject names containing path separators line 273 in dags.go, CreateNewDAG skips this validation entirely and passes user input directly...
Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory
The CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. While RenameDAG calls core.ValidateDAGName to reject names containing path separators line 273 in dags.go, CreateNewDAG skips this validation entirely and passes user input directly...
Incorrect Calculation
github.com/ethereum/go-ethereum is vulnerable to an Incorrect Calculation. The vulnerability is due to a miscalculation of Proof of Work PoW generation caused by an error in the DAG creation process...