Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution
Vulnerability Description
Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Traefik 安全漏洞
Vulnerability Description
Traefik是Traefik开源的一款开源的反向代理与负载均衡工具。 Traefik 2.11.27及之前版本、3.0.0至3.4.4版本和3.5.0-rc1版本存在安全漏洞,该漏洞源于WASM插件安装机制存在路径遍历,可能导致任意文件覆盖。
CVSS Information
N/A
Vulnerability Type
N/A