Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution
Vulnerability Description
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves .. segments lexically, so a caller can supply a value such as ".." to redirect the computed directory outside the intended /tmp/<name>/<id> path. A deferred cleanup function that calls os.RemoveAll on that directory then runs unconditionally when the HTTP handler returns, deleting whatever directory the traversal resolved to. With dagRunId set to "..", the resolved directory is the system temporary directory (/tmp on Linux). On non-root deployments, os.RemoveAll("/tmp") removes all files in /tmp owned by the dagu process user, disrupting every concurrent dagu run that has live temp files. On root or Docker deployments, the call removes the entire contents of /tmp, causing a system-wide denial of service. This vulnerability is fixed in 2.2.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
dagu 路径遍历漏洞
Vulnerability Description
dagu是Dagu Workflow Engine开源的一个工作流引擎。 dagu 2.2.4之前版本存在路径遍历漏洞,该漏洞源于dagRunId请求字段未经格式验证直接传递给filepath.Join,可能导致路径遍历和任意文件删除,造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A