Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bugsink is vulnerable to Path Traversal attacks via event_id in ingestion
Vulnerability Description
Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted event_id input without validation. A specially crafted event_id can result in paths outside the intended directory, potentially allowing file overwrite or creation in arbitrary locations. Submitting such input requires access to a valid DSN, potentially exposing them. If Bugsink runs in a container, the effect is confined to the container’s filesystem. In non-containerized setups, the overwrite may affect other parts of the system accessible to that user. This is fixed in versions 1.4.3, 1.5.5, 1.6.4 and 1.7.4.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Bugsink 路径遍历漏洞
Vulnerability Description
Bugsink是Bugsink开源的一个自托管Bug跟踪软件。 Bugsink存在路径遍历漏洞,该漏洞源于未验证event_id输入导致路径构造不当,可能导致任意文件覆盖或创建。以下版本受到影响:1.4.2及之前版本、1.5.0至1.5.4版本、1.6.0至1.6.3版本和1.7.0至1.7.3版本。
CVSS Information
N/A
Vulnerability Type
N/A