6 matches found
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...
Use of Weak Hash
Overview Affected versions of this package are vulnerable to Use of Weak Hash like the Md5 hash. An attacker can bypass file integrity verification by generating files with colliding MD5 hashes and distributing malicious content that passes integrity checks. Remediation Upgrade...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CreatePreheat process and peer-to-peer communication mechanisms. An attacker can access internal network resources by supplying crafted URLs to API endpoints or by leveraging peer requests,...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CreatePreheat process and peer-to-peer communication mechanisms. An attacker can access internal network resources by supplying crafted URLs to API endpoints or by leveraging peer requests,...