Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZipSlip vulnerability in bblfshd
Vulnerability Description
bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. This issue may lead to arbitrary file write (with same permissions as the program running the unpack operation) if the attacker can control the archive file. Additionally, if the attacker has read access to the unpacked files, he may be able to read arbitrary system files the parent process has permissions to read. For more details including a PoC see the referenced GHSL-2020-258.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
相对路径遍历
Vulnerability Title
bblfshd 后置链接漏洞
Vulnerability Description
bblfshd是,一个用于控制已安装驱动程序和查询守护程序状态的 cli 工具。 bblfshd 中存在后置链接漏洞,该漏洞源于产品在解包过程中对符号链接的不正确处理,攻击者可通过该漏洞向任意位置写入恶意文件。以下产品及版本受到影响: BBLFSHD 4265465b9b6fb5663c30ee43806126012066aad4 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A