N/A

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.

N/A

不可信的搜索路径

glusterfs server 代码问题漏洞

Red Hat glusterfs server是美国红帽（Red Hat）公司的一套开源的分布式文件系统。该系统主要为媒体流、数据分析以及其他数据和带宽密集型任务创建大型分布式存储解决方案。 glusterfs server 存在代码问题漏洞，该漏洞允许攻击者可以利用此漏洞创建文件并执行任意代码。

N/A

N/A