lanyulei ferry task.go path traversal

A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument file_name leads to path traversal. The associated identifier of this vulnerability is VDB-213447.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

对路径名的限制不恰当(路径遍历)

ferry 路径遍历漏洞

ferry是lanyulei个人开发者的一个基于 Gin + Vue + Element UI前后端分离的工单系统。 ferry存在路径遍历漏洞，该漏洞源于apis/process/task.go文件的一些未知功能，攻击者利用该漏洞可以通过操作参数file_name导致路径遍历。

N/A

N/A