6 matches found
CVE-2022-40082
Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function...
CVE-2024-8248
A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. The issue is fixed in version 1.2.2...
CVE-2024-8248
CVE-2024-8248 affects mintplex-labs/anything-llm (commit 296f041). The vulnerability occurs in the project’s normalizePath function, enabling path traversal that can read/write arbitrary files in the storage directory and potentially escalate privileges from manager to admin. Connected sources co...
Path Traversal
github.com/cloudwego/hertz is vulnerable to path traversal. The vulnerability exists in normalizePath function of uri.go because the backslash restrictions are not properly implemented which allows an attacker to read any file in windows server...
Path traversal
Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function...
CVE-2022-40082
Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function...