The uri-block plugin in Apache APISIX before 2.10.2 uses `$request_uri` without verification. The `$request_uri` is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions.

Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with "dot-dot-slash (../)" sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0.

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. As a workaround, delete the `front/send.php` file.

NodeBB is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.

Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. Users are advised to upgrade as soon as possible.