9 matches found
SUSE CVE-2026-26187
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...
PT-2026-20656
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A flaw in the Navigation feature in Google Chrome before version 147.0.7727.55 could allow a remote attacker who has compromised the renderer process to leak cross-origin data through a...
CVE-2026-26187
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...
CVE-2026-26187 lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...
EUVD-2026-5918
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...
CVE-2026-26187
CVE-2026-26187 affects lakeFS before v1.77.0, where the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read/write files outside the configured storage. The verifyRelPath check used strings.HasPrefix without requiring a separator, enabling path traversal to sibling ...
CVE-2026-26187 lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...
PT-2026-8024
Name of the Vulnerable Software and Affected Versions lakeFS versions prior to 1.77.0 Description lakeFS, an open-source tool for transforming object storage into Git-like repositories, contains path traversal issues in its local block adapter pkg/block/local/adapter.go. The verifyRelPath functio...
CVE-2025-52478
CVE-2025-52478 is a stored XSS in the n8n Form Trigger HTML element affecting versions 1.77.0 up to before 1.98.2. An authenticated attacker can inject malicious HTML via an with a srcdoc payload or through with a using onerror, enabling exfiltration of cookies/browser identifiers and enabling...