Vulnerability Information
Vulnerability Title
pydicom: Path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root
Vulnerability Description
pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, but does not verify that the resolved path remains under the File-set root. Subsequent public FileSet operations such as copy(), write(), and remove()+write(use_existing=True) use that unchecked path in file I/O operations. This allows arbitrary file read/copy and, in some flows, move/delete outside the File-set root. This issue has been fixed in version 3.0.2.
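The containment check the description says is missing, as an added example; it is not pydicom's code and not the 3.0.2 patch. `resolve_referenced_file` and `OutsideFileSetError` are hypothetical names, and the File-set layout in the demo is constructed.

```python
import tempfile
from pathlib import Path


class OutsideFileSetError(ValueError):
    """A ReferencedFileID resolved to a location outside the File-set root."""


def resolve_referenced_file(root, file_id):
    """Return the path a ReferencedFileID names, or raise if it leaves root.

    file_id is the component list from a DICOMDIR record, for example
    ["PT000000", "IM000000"]; a single string is treated as one component.
    """
    root = Path(root).resolve(strict=True)
    components = [file_id] if isinstance(file_id, str) else list(file_id)
    # Reject components that are never a plain file or directory name.
    for part in components:
        if part in ("", ".", "..") or any(c in part for c in "/\\:\x00"):
            raise OutsideFileSetError(f"illegal component {part!r}")
    # resolve() follows symlinks, so a link inside the root that points
    # elsewhere is also caught by the containment test below.
    candidate = root.joinpath(*components).resolve(strict=False)
    if not candidate.is_relative_to(root):  # Python 3.9+
        raise OutsideFileSetError(f"{candidate} is outside {root}")
    return candidate


if __name__ == "__main__":
    # Constructed layout: <tmp>/fileset is the root, <tmp>/secret.txt is not.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "fileset"
        (root / "PT000000").mkdir(parents=True)
        (root / "PT000000" / "IM000000").write_bytes(b"constructed")
        (Path(tmp) / "secret.txt").write_text("outside the File-set")
        samples = (
            ["PT000000", "IM000000"],
            ["..", "secret.txt"],
            ["PT000000", "..", "..", "secret.txt"],
        )
        for file_id in samples:
            try:
                print("ok     ", resolve_referenced_file(root, file_id))
            except OutsideFileSetError as exc:
                print("blocked", file_id, "->", exc)
```

Run the check on every record when the DICOMDIR is loaded, before any copy, write or remove operation uses the path.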
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
Improper limitation of a pathname (path traversal)
Vulnerability Title
pydicom path traversal vulnerability
Vulnerability Description
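pydicom is an open-source Python library from DICOM in Python for reading and writing DICOM medical imaging files. pydicom versions 2.0.0-rc.1 through 3.0.1 contain a path traversal vulnerability. The vulnerability arises because a maliciously crafted DICOMDIR ReferencedFileID can cause path traversal, allowing arbitrary file read, copy, move, or delete.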
CVSS Information
N/A
Vulnerability Type
N/A