4 matches found
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the os.ReadFile function during direct lookups via resources.Get. An attacker can access arbitrary files outside the intended directory by placing a symlink inside a mounted directory that points to files outside the...
Hugo: Symlink confinement bypass in resources.Get
Commit: f8b5fa09a6 — Fix prevention of direct symlink reads in resources.Get Affected versions: v0.123.0 through v0.161.1. Earlier versions are not affected. Fixed in: v0.162.0. Severity: Medium. Requires the attacker to be able to place or convince a site author to place a symlink inside a mount...
CVE-2025-57802 Airlink's Daemon Symlink Vulnerability
Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory /app/data. Because the container bind-mounts an...
Linux Kernel < 2.6.31-rc4 nfs4_proc_lock() Denial of Service
No description provided by source. Description of problem: execution of a particular program from the Arachne suite reliably causes a kernel panic due to a NULL-pointer dereference in nfs4proclock. Version-Release number of selected component if applicable: 2.6.18-164.2.1.el5 How reproducible:...