Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Saloon has a Fixture Name Path Traversal Vulnerability
Vulnerability Description
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments (e.g. ../traversal or ../../etc/passwd) resulted in a path outside that directory. When the application read a fixture (e.g. for mocking) or wrote one (e.g. when recording responses), it could read or write files anywhere the process had access. If the fixture name was derived from user or attacker-controlled input (e.g. request parameters or config), this constituted a path traversal vulnerability and could lead to disclosure of sensitive files or overwriting of critical files. The fix in version 4.0.0 adds validation in the fixture layer (rejecting names with /, \, .., or null bytes, and restricting to a safe character set) and defense-in-depth in the storage layer (ensuring the resolved path remains under the base directory before any read or write).
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Saloon 路径遍历漏洞
Vulnerability Description
Saloon是Saloon PHP开源的一个PHP API集成与SDK构建库。 Saloon 4.0.0之前版本存在路径遍历漏洞,该漏洞源于装置名称用于在配置的装置目录下构建文件路径而未经验证,可能导致路径遍历,从而泄露敏感文件或覆盖关键文件。
CVSS Information
N/A
Vulnerability Type
N/A