إرسال #757586: DataLinkDC dinky <=1.2.5 arbitrary file writesالمعلومات

عنوانDataLinkDC dinky <=1.2.5 arbitrary file writes
الوصفA path traversal vulnerability exists in the Dinky platform's Git project management functionality. Attackers with Git project creation permissions can craft malicious project names containing path traversal sequences (e.g., ../../evil), allowing arbitrary file writes to the server filesystem when projects are created or built.
المصدر⚠️ https://github.com/AnalogyC0de/public_exp/issues/5
المستخدم
 Ana10gy (UID 93358)
ارسال13/02/2026 03:28 AM (4 أشهر منذ)
الاعتدال23/02/2026 06:50 PM (11 days later)
الحالةتمت الموافقة
إدخال VulDB347409 [DataLinkDC dinky حتى 1.2.5 Project Name GitRepository.java getProjectDir projectName اجتياز الدليل]
النقاط18

التالي نظرة عامة السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!