2 matches found
Insecure Permission Checks
github.com/etcd-io/etcd does not properly perform permission checks. The function os.MkdirAll that creates the directory containing automatically generated self-signed certificates for TLS connections with clients is insecure and does not perform any permission checks, potentially overwriting...
Directory Traversal
rocketmq-broker is vulnerable to directory traversal. The automatic topic creation which is enabled by default, allows a folder name containing ../ characters to be created. This results in the writing of arbitrary directory in the parent directories, potentially overwriting existing folders...