2 matches found
Laf Information Disclosure Vulnerability
Laf is a cloud development platform from labring labs. An information disclosure vulnerability exists in Laf 1.0.0-beta.13 and earlier versions that allows an authenticated attacker to obtain sensitive information in the logs of Pods under the same namespace...
Code injection
Laf is a cloud development platform. Prior to version 1.0.0-beta.13, control of the Laf app env is not strict enough, and in certain scenarios in a privatization environment it may lead to leakage of sensitive information in secret and configmap. In ES6 syntax, if an obj directly references another...