Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SFTPGo has a Path Traversal and Permission Bypass via Path Normalization Discrepancy
Vulnerability Description
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths to bypass folder-level permissions or escape the boundaries of a configured Virtual Folder. This vulnerability is fixed in 2.7.1.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
SFTPGo 路径遍历漏洞
Vulnerability Description
SFTPGo是意大利Nicola Murino个人开发者的一个功能齐全且高度可配置的 SFTP 服务器。 SFTPGo 2.7.1之前版本存在路径遍历漏洞,该漏洞源于路径规范化不一致,可能导致授权绕过。
CVSS Information
N/A
Vulnerability Type
N/A