Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
changedetection.io vulnerable to unauthenticated static path traversal
Vulnerability Description
changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group=".."`, which causes `send_from_directory("static/..", filename)` to execute. This moves the base directory up to `/app/changedetectionio`, enabling unauthenticated local file read of application source files (e.g., `flask_app.py`). Version 0.53.2 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
changedetection.io 路径遍历漏洞
Vulnerability Description
changedetection.io是dgtlmoon个人开发者的一个网站变更检测、监控和通知应用程序。 changedetection.io 0.53.2之前版本存在路径遍历漏洞,该漏洞源于/static/<group>/<filename>路由接受group=..参数,可能导致未经身份验证的本地文件读取。
CVSS Information
N/A
Vulnerability Type
N/A