漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Nginx UI: Race Condition Leads to Persistent Data Corruption and Service Collapse
Vulnerability Description
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms (Mutex) and non-atomic file writes, concurrent requests lead to the severe corruption of the primary configuration file (app.ini). This vulnerability results in a persistent Denial of Service (DoS) and introduces a non-deterministic path for Remote Code Execution (RCE) through configuration cross-contamination. This issue has been patched in version 2.3.4.
CVSS Information
N/A
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
Nginx UI 竞争条件问题漏洞
Vulnerability Description
Nginx UI是Jacky个人开发者的一个 Nginx 的 WebUI。 Nginx UI 2.3.4之前版本存在竞争条件问题漏洞,该漏洞源于存在竞争条件,由于缺乏同步机制和非原子文件写入,可能导致主配置文件损坏,引发持久性拒绝服务或远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A