漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
scifio ZIP File DefaultSampleFilesService.java downloadAndUnpackResource path traversal
Vulnerability Description
A vulnerability classified as critical was found in scifio. Affected by this vulnerability is the function downloadAndUnpackResource of the file src/test/java/io/scif/util/DefaultSampleFilesService.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is fcb0dbca0ec72b22fe0c9ddc8abc9cb188a0ff31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215803.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
SCIFIO 路径遍历漏洞
Vulnerability Description
SCIFIO是SCIFIO开源的一个可扩展的 Java 框架。用于读取和写入图像,特别是 N 维科学图像。 SCIFIO 存在路径遍历漏洞。攻击者利用该漏洞执行错误操作从而获取文件目录中的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A