Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SFTPGo improperly sanitizes placeholders in group home directories/key prefixes
Vulnerability Description
SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group paths, for example, home directories or key prefixes. When a group is configured with a dynamic home directory or key prefix using placeholders like %username%, the value replacing the placeholder is not strictly sanitized against relative path components. Consequently, if a user is created with a specially crafted username the resulting path may resolve to a parent directory instead of the intended sub-directory. This issue is fixed in version v2.7.1
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
SFTPGo 路径遍历漏洞
Vulnerability Description
SFTPGo是意大利Nicola Murino个人开发者的一个功能齐全且高度可配置的 SFTP 服务器。 SFTPGo 2.7.1之前版本存在路径遍历漏洞,该漏洞源于动态组路径输入验证不当,可能导致路径解析到父目录。
CVSS Information
N/A
Vulnerability Type
N/A