6 matches found
lakeFS Path Traversal Vulnerability
lakeFS is an open-source tool developed by Treeverse that converts your object storage into a Git-like repository. Versions of lakeFS prior to 1.77.0 contained a path traversal vulnerability. This vulnerability stemmed from insufficient path validation in the local block adapter,...
lakeFS Security Vulnerability
lakeFS is an open source tool from Treeverse Open Source that converts your object store into a Git-like repository. A security vulnerability exists in lakeFS 1.69.0 and earlier versions, which stems from a lack of authentication in the /api/v1/usage-report/summary endpoint that could lead to the...
CVE-2024-43784
lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit a...
CVE-2025-27100
lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versio...
CVE-2025-27100
lakeFS is affected by an authenticated denial-of-service vulnerability (CVE-2025-27100) where an authenticated user can crash the server by exhausting memory. This affects 1.49.1 and earlier; a fix is available in 1.50.0. Remediation: upgrade to 1.50.0 or later. If upgrading is not possible, appl...
CVE-2024-43784 Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit a...