Outline 安全漏洞

Outline is an open-source knowledge base developed by Outline. Versions of Outline prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the shares.create API, which accepted both collectionId and documentId. When published=false was set, only read access for each...

Server-Side Request Forgery in federated sharing API - ownCloud

Server-Side Request Forgery in federated sharing API may allow an unauthenticated attacker to identify internal servers. Furthermore, due to improper timeout handling, the server could be affected by a Denial of Service attack...

Google Chrome 路径遍历漏洞

Google Chrome is a web browser from Google, Inc.V8 is an open source JavaScript engine. Google Chrome suffers from a path traversal vulnerability that stems from an improper implementation in the Web Sharing API...

Nextcloud: Delete permission can be added on reshare

user0 creates folder /test user0 creates file /test/file.txt user0 shares folder /test with user1 with read+share permissions 17 user1 receives the folder /test and can read-download /test/file.txt but not delete - good user1 uses the sharing API to share folder /test with user2, and specifies...