Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Joyent Smart Data Center 安全漏洞
Vulnerability Description
Joyent Smart Data Center(SDC)是美国Joyent公司的一套开源的云管理平台,它提供下一代基于容器、面向服务架构的多数据库中心管理,能够简化安装和管理。 Joyent SDC agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf(e469cf49-4de3-4658-8419-ab42837916ad)之前的版本中的docker API存在安全漏洞,该漏洞源于程序没有正确的验证用户提交的数据。远程攻击者可利用该漏洞
CVSS Information
N/A
Vulnerability Type
N/A