Summary
Armeria: External Control of File Name or Path in xDS SDS DataSource
References
Related vulnerabilities
All Supply chain →- MEDIUMGHSA-M54H-VHF9-3W3M
BBOT: Arbitrary File Write in postman_download Module
- HIGHGHSA-P6GQ-J5CR-W38F
Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message
- HIGHGHSA-F44V-7QGW-9GH9
PraisonAI GitHub template cache path traversal allows outside-cache file write and directory deletion
- MEDIUMGHSA-RCJH-R59H-GQ37
Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read
- MEDIUMGHSA-Q59X-JC9F-GFQF
Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints
- MEDIUMGHSA-5739-39V2-5754
PHP JWT Library: RSA1_5 (RSAES-PKCS1-v1_5) decryption lacks implicit rejection, exposing a Bleichenbacher/Marvin padding oracle