Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Blinko: Unauthorized Arbitrary File Read - /plugins
Vulnerability Description
Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the plugin file server endpoint uses join() to concatenate paths but does not verify if the final path is within the plugins directory, leading to path traversal. At time of publication, there are no publicly available patches.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Blinko 路径遍历漏洞
Vulnerability Description
Blinko是Blinko开源的一款基于人工智能的卡片式笔记应用,专为想要快速捕捉和整理转瞬即逝的灵感的用户而设计。 Blinko 1.8.3及之前版本存在路径遍历漏洞,该漏洞源于插件文件服务器端点使用join()连接路径但未验证最终路径是否在插件目录内,可能导致路径遍历。
CVSS Information
N/A
Vulnerability Type
N/A