Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
lanyulei ferry API file.go path traversal
Vulnerability Description
A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
ferry 路径遍历漏洞
Vulnerability Description
ferry是lanyulei个人开发者的一个基于 Gin + Vue + Element UI前后端分离的工单系统。 ferry存在路径遍历漏洞,该漏洞源于API 组件的 apis/public/file.go文件的一些未知功能,,攻击者利用该漏洞可以通过操作参数文件导致路径遍历。
CVSS Information
N/A
Vulnerability Type
N/A