Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Lif Auth Server vulnerable to uncontrolled data in path expression
Vulnerability Description
Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Lif Authentication Server 安全漏洞
Vulnerability Description
Lif Authentication Server是Lif Platforms开源的一个用于验证 Lif 帐户登录、管理信息和帐户恢复的服务器。 Lif Authentication Server 1.4.0之前版本存在安全漏洞,该漏洞源于没有检查身份验证服务器通过URL接收的文件是否正确,可能允许攻击者访问他们不应访问的文件。
CVSS Information
N/A
Vulnerability Type
N/A