Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crafatar path traversal vulnerability
Vulnerability Description
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the `lib/public/` directory can be requested from the server. Instances running behind Cloudflare (including crafatar.com) are not affected. Instances using the Docker container as shown in the README are affected, but only files within the container can be read. By default, all of the files within the container can also be found in this repository and are not confidential. This vulnerability is patched in 2.1.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Crafatar 路径遍历漏洞
Vulnerability Description
Crafatar是Crafatar公司的一个应用程序,提供基于皮肤的 Minecraft 头像,供外部应用程序使用。 Crafatar 2.1.5之前版本存在路径遍历漏洞,该漏洞源于在默认情况下,容器内的所有文件可以在存储库中找到,并且不是机密的。
CVSS Information
N/A
Vulnerability Type
N/A