Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HomeGallery: Path Traversal (Arbitrary File Read)
Vulnerability Description
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system files being downloadable as well. This issue has been patched in version 1.21.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
HomeGallery 路径遍历漏洞
Vulnerability Description
HomeGallery是HomeGallery开源的一个自托管的开源 Web 画廊。用于浏览具有标记、移动友好、 和 AI 驱动的图像发现。 HomeGallery 1.21.0之前版本存在路径遍历漏洞,该漏洞源于用户请求下载时未验证请求文件是否位于媒体源目录内,可能导致敏感系统文件可被下载。
CVSS Information
N/A
Vulnerability Type
N/A