Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
hoffie larasync file_storage.go path traversal
Vulnerability Description
A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unknown code of the file repository/content/file_storage.go. The manipulation leads to path traversal. The name of the patch is 776bad422f4bd4930d09491711246bbeb1be9ba5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217612.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
larasync 路径遍历漏洞
Vulnerability Description
larasync是Christian Hoffmann个人开发者的一种端到端的加密、简单且快速的自托管文件同步解决方案。 larasync存在路径遍历漏洞。攻击者利用该漏洞可以访问存储在Web根文件夹之外的文件和目录。
CVSS Information
N/A
Vulnerability Type
N/A