Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local file inclusion vulnerability in http4s
Vulnerability Description
http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expose resources outside of the configured location. This issue is patched in versions 0.18.26, 0.20.20, and 0.21.2. Note that 0.19.0 is a deprecated release and has never been supported.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
相对路径遍历
Vulnerability Title
http4s 路径遍历漏洞
Vulnerability Description
http4s是一款开源的用于Scala的流HTTP服务器。 http4s 0.18.26之前版本、0.20.20之前版本和0.21.2之前版本中的FileService、ResourceService和WebjarService存在路径遍历漏洞,该漏洞源于程序没有对URL进行正确的规范化处理。攻击者可利用该漏洞获取被限制的资源。
CVSS Information
N/A
Vulnerability Type
N/A