Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

FreeBSD : Erlang/OTP -- SFTP READLINK discloses server filesystem paths (d87e41a4-64d4-11f1-ab11-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87e41a4-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh reports: The SSH SFTP daemon's...

6.5CVSS5.3AI score0.00277EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2026/06/10 12:0 a.m.8 views

Erlang/OTP -- SFTP READLINK discloses server filesystem paths

https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh reports: The SSH SFTP daemon's handling of SSHFXPREADLINK returned symbolic link targets containing the server's absolute filesystem path, disclosing the backend root prefix to clients. The handler now strips the backend root...

6.5CVSS5.5AI score0.00277EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:37 p.m.5 views

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

7.6CVSS5.8AI score0.00583EPSS
Exploits2References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/17 4:14 p.m.12 views

Rack has a Directory Traversal via Rack:Directory

Summary Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Details In directory.rb,...

7.5CVSS5.6AI score0.00665EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/17 4:14 p.m.2 views

GHSA-MXW3-3HH2-X2MH Rack has a Directory Traversal via Rack:Directory

Summary Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Details In directory.rb,...

7.5CVSS5.6AI score0.00665EPSS
Exploits1References5
Rows per page
Query Builder