Path Traversal

github.com/dgraph-io/dgraph is vulnerable to Path Traversal. The vulnerability is due to improper validation of the dagRunId request field passed into filepath.Join, which allows an attacker to exploit directory traversal using values such as .. and trigger unintended deletion of system temporary...

SUSE CVE-2026-31886

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the dagRunId request field in the inline DAG execution endpoints, which is passed directly into filepath.Join without format validation. An attacker can cause arbitrary directory deletion by supplying crafted...

Dagu: Path Traversal via `dagRunId` in Inline DAG Execution

Vulnerability Summary The dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves .. segments lexically, so a caller can supply a value such as...

GHSA-M4Q3-457P-HH2X Dagu: Path Traversal via `dagRunId` in Inline DAG Execution

Vulnerability Summary The dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves .. segments lexically, so a caller can supply a value such as...

dagu 路径遍历漏洞

Dagu is a workflow engine developed under open source by Dagu Workflow Engine. Versions of Dagu prior to 2.2.4 contained a path traversal vulnerability. This vulnerability stemmed from the filepath.Join function receiving the dagRunId request field without proper formatting verification, which...