2 matches found
CVE-2022-3940
CVE-2022-3940 affects lanyulei ferry; path traversal arises from manipulating the file_name argument in apis/process/task.go. Root cause is unknown portion exposure, with a high-severity CVSSv3.1 (3.1) base score 9.8 and critical impact on confidentiality, integrity, and availability. Multiple so...
CVE-2022-3939
A vulnerability (CVE-2022-3939) affects the lanyulei ferry API, specifically the file.go handler in API: manipulation of the file parameter enables path traversal. Documented as allowing remote initiation, with VDB-213446 as the identifier. Connected sources corroborate the issue across multiple ...