Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fireshare has Path Traversal Arbitrary File Write in `/api/uploadChunked`
Vulnerability Description
Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating integrity and potentially enabling follow-on attacks depending on deployment. Version 1.5.2 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Fireshare 安全漏洞
Vulnerability Description
Fireshare是Shane Israel个人开发者的一个媒体托管软件。 Fireshare 1.5.1版本存在安全漏洞,该漏洞源于分块上传端点存在已认证的路径遍历,可能导致任意文件写入。
CVSS Information
N/A
Vulnerability Type
N/A