Lucene search
K

68 matches found

OSV
OSV
added 2026/03/27 2:0 p.m.4 views

CVE-2026-33748 BuildKit Git URL subdir component can cause access to restricted files

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

8.2CVSS5.8AI score0.00463EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/27 2:0 p.m.2 views

CVE-2026-33748 BuildKit Git URL subdir component can cause access to restricted files

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

8.2CVSS5.8AI score0.00463EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:0 p.m.7 views

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

8.2CVSS5.8AI score0.00463EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/27 2:0 p.m.26 views

CVE-2026-33748

CVE-2026-33748 (BuildKit) : Prior to BuildKit 0.28.1, there was insufficient validation of Git URL fragment subdir components, which could allow access to files outside the checked-out Git repository root (limited to files on the same mounted filesystem). Red Hat advisories for OpenShift Service ...

8.2CVSS5.8AI score0.00463EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 6:27 p.m.4 views

BuildKit Git URL subdir component can cause access to restricted files

Impact Insufficient validation of Git URL fragment subdir components :, docs may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. Patches The issue has been fixed in version v0.28.1 Workarounds The issue affects...

8.2CVSS5.7AI score0.00463EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/26 6:27 p.m.4 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...

8.2CVSS5.9AI score0.00463EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/26 6:27 p.m.6 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...

8.2CVSS5.9AI score0.00463EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/26 6:27 p.m.5 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...

8.2CVSS5.9AI score0.00463EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 6:27 p.m.5 views

GHSA-4VRQ-3VRQ-G6GG BuildKit Git URL subdir component can cause access to restricted files

Impact Insufficient validation of Git URL fragment subdir components :, docs may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted filesystem. Patches The issue has been fixed in version v0.28.1 Workarounds The issue affects...

8.2CVSS5.8AI score0.00463EPSS
Exploits0References5
NVD
NVD
added 2026/03/20 11:16 p.m.4 views

CVE-2026-3864

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...

6.5CVSS0.00539EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/20 10:21 p.m.26 views

CVE-2026-3864 CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...

6.5CVSS0.00539EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/20 10:21 p.m.4 views

CVE-2026-3864 CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server

A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI driver could craft volume identifiers containing path traversal sequenc...

6.5CVSS5.8AI score0.00539EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

Kubernetes(K8s) 安全漏洞

Kubernetes K8s is an open-source system developed under the Kubernetes project, used for automated deployment, scaling, and management of containerized applications. There is a security vulnerability in Kubernetes K8s, which stems from insufficient validation of the subDir parameter in volume...

6.5CVSS6.6AI score0.00539EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/19 12:42 p.m.10 views

NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite

Vulnerability Description The NLTK downloader does not validate the subdir and id attributes when processing remote XML index files. Attackers can control a remote XML index server to provide malicious values containing path traversal sequences such as ../, which can lead to: 1. Arbitrary Directo...

8.1CVSS6AI score0.00498EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/03/19 12:42 p.m.3 views

Directory Traversal

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the XML index file downloader. An attacker can overwrite arbitrary files and create directories at unintended locations...

8.1CVSS6.5AI score0.00498EPSS
Exploits1References2
Kubernetes Security Advisories
Kubernetes Security Advisories
added 2026/03/17 5:54 a.m.12 views

CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server

CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H — Medium 6.5 A vulnerability was discovered in the Kubernetes CSI Driver for NFS where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the NFS CSI...

6.5CVSS6.6AI score0.00539EPSS
Exploits0Affected Software1
Huntr
Huntr
added 2026/02/19 9:6 a.m.11 views

Path Traversal in NLTK Downloader Package Metadata Allows Arbitrary File Write

Description The NLTK downloader does not validate file paths constructed from package metadata before writing downloaded files. A malicious NLTK data server can specify arbitrary paths via the subdir and id attributes in the package index XML, allowing arbitrary file write outside the intended...

10CVSS6.1AI score0.0079EPSS
Exploits1
OSV
OSV
added 2026/01/26 9:29 p.m.8 views

GHSA-V253-RJ99-JWPQ pnpm has Path Traversal via arbitrary file permission modification

Summary When pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory, causing pnpm to chmod 755 files at arbitrary...

6.7CVSS6AI score0.00244EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/01/26 9:29 p.m.8 views

pnpm has Path Traversal via arbitrary file permission modification

Summary When pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory, causing pnpm to chmod 755 files at arbitrary...

6.7CVSS6AI score0.00244EPSS
Exploits1References4Affected Software1
SUSE CVE
SUSE CVE
added 2025/12/08 12:23 a.m.2 views

SUSE CVE-2025-40271

In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set the node to EMPTY, which may result in uaf access. We should use RBCLEARNODE set the erased node to EMPTY, then pdesubdirnext will...

5.2CVSS6.5AI score0.00519EPSS
Exploits3References26
Rows per page
Query Builder