漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
HomeGallery: Path Traversal (Arbitrary File Read)
Vulnerability Description
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system files being downloadable as well. This issue has been patched in version 1.21.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
HomeGallery 路径遍历漏洞
Vulnerability Description
HomeGallery是HomeGallery开源的一个自托管的开源 Web 画廊。用于浏览具有标记、移动友好、 和 AI 驱动的图像发现。 HomeGallery 1.21.0之前版本存在路径遍历漏洞,该漏洞源于用户请求下载时未验证请求文件是否位于媒体源目录内,可能导致敏感系统文件可被下载。
CVSS Information
N/A
Vulnerability Type
N/A