Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the dagRunId request field in the inline DAG execution endpoints, which is passed directly into filepath.Join without format validation. An attacker can cause arbitrary directory deletion by supplying crafted...

dagu 路径遍历漏洞

Dagu is a workflow engine developed under open source by Dagu Workflow Engine. Versions of Dagu prior to 2.2.4 contained a path traversal vulnerability. This vulnerability stemmed from the filepath.Join function receiving the dagRunId request field without proper formatting verification, which...