GHSA-34W8-MCWR-VG29 CodeceptJS's incomprehensive sanitation can lead to Command Injection

CodeceptJS versions 3.5.0 through 3.7.5-beta.18 contain a command injection vulnerability in the emptyFolder function lib/utils.js. The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary...

Landray EKP 路径遍历漏洞

Landray EKP is an office automation solution from China's Landray Corporation that enables companies to easily model and manage their business. A path traversal vulnerability exists in Landray EKP V16.0 and earlier versions, which stems from the parameter directoryPath in the file...