Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
zola 路径遍历漏洞
Vulnerability Description
zola是一个二进制文件中的快速静态站点生成器,内置所有内容。 zola 0.13.0至0.17.2版本存在安全漏洞,该漏洞源于函数handle_request不会过滤URL中的特殊路径控制符,导致存在路径遍历漏洞。攻击者可利用该漏洞从文件系统读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A