13 matches found
EUVD-2024-3241
Malicious code in bioql PyPI...
EUVD-2022-6778
Malicious code in bioql PyPI...
CVE-2022-40082
Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function...
CVE-2024-8248
A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. The issue is fixed in version 1.2.2...
CVE-2024-8248
A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. The issue is fixed in version 1.2.2...
CVE-2024-8248
CVE-2024-8248 affects mintplex-labs/anything-llm (commit 296f041). The vulnerability occurs in the project’s normalizePath function, enabling path traversal that can read/write arbitrary files in the storage directory and potentially escalate privileges from manager to admin. Connected sources co...
anything-llm 安全漏洞
anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. A security vulnerability exists in version 296f041 of anything-llm that stems from the presence of path traversal in the normalizePath function, which could lead to arbitrary file reads, writes, and elevatio...
CVE-2024-52293
Craft is a content management system CMS. Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3...
Path Traversal
github.com/cloudwego/hertz is vulnerable to path traversal. The vulnerability exists in normalizePath function of uri.go because the backslash restrictions are not properly implemented which allows an attacker to read any file in windows server...
GHSA-C9QR-F6C8-RGXF Hertz contains path traversal via normalizePath function
Hertz is a a high-performance and strong-extensibility Go HTTP framework that helps developers build microservices. Versions of Hertz prior to 0.3.1 contain a path traversal vulnerability via the normalizePath function. This issue has been patched in 0.3.1...
Path traversal
Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function...
CVE-2022-40082
Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function...
CVE-2022-40082
CVE-2022-40082 affects Hertz (Go HTTP framework) v0.3.0 where the normalizePath function permits path traversal. The issue allows access to files outside the intended root and is described with a CVSS v3.1 base score of 7.5 (HIGH). A remediation exists: upgrade to v0.3.1, which is noted as patche...