11 matches found
PT-2026-20656
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A flaw in the Navigation feature in Google Chrome before version 147.0.7727.55 could allow a remote attacker who has compromised the renderer process to leak cross-origin data through a...
GO-2026-4494 lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access in github.com/treeverse/lakefs
lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access in github.com/treeverse/lakefs...
CVE-2026-26187
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...
CVE-2026-26187
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...
EUVD-2026-5918
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...
CVE-2026-26187 lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...
CVE-2026-26187 lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...
CVE-2026-26187
CVE-2026-26187 affects lakeFS before v1.77.0, where the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read/write files outside the configured storage. The verifyRelPath check used strings.HasPrefix without requiring a separator, enabling path traversal to sibling ...
lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access
Summary Two path traversal vulnerabilities in the local block adapter allow authenticated users to read and write files outside their designated storage boundaries. Details The local block adapter in pkg/block/local/adapter.go had two path traversal vulnerabilities: 1. Prefix Bypass Vulnerability...
GHSA-699M-4V95-RMPM lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access
Summary Two path traversal vulnerabilities in the local block adapter allow authenticated users to read and write files outside their designated storage boundaries. Details The local block adapter in pkg/block/local/adapter.go had two path traversal vulnerabilities: 1. Prefix Bypass Vulnerability...
lakeFS 路径遍历漏洞
LakeFS is an open-source tool developed by Treeverse, capable of converting your object storage into a repository similar to Git. Versions of LakeFS prior to 1.77.0 contained a path traversal vulnerability. This vulnerability stemmed from insufficient path validation in the local block adapter,...