Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination directory (e.g., shared writable directory/volume).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
miniserve 安全漏洞
Vulnerability Description
miniserve是Sven-Hendrik Haase个人开发者的一个命令行工具。 miniserve 0.32.0版本存在安全漏洞,该漏洞源于上传完成时存在TOCTOU和符号链接竞争,可能导致覆盖预期上传/文档根目录之外的文件。
CVSS Information
N/A
Vulnerability Type
N/A