| Titel | https://github.com/jishenghua/jshERP jshERP v3.6 Path Traversal |
|---|
| Beschreibung | In function "com.gitee.starblues.integration.operator.DefaultPluginOperator#install".
The path provided by the user is passed into the "java.nio.file.Files#exists" function without any filtering, allowing directory traversal using '..' and similar methods, resulting in information disclosure about whether a file exists or type of a file. |
|---|
| Quelle | ⚠️ https://github.com/jishenghua/jshERP/issues/147 |
|---|
| Benutzer | mukyuuhate (UID 93052) |
|---|
| Einreichung | 16.01.2026 09:05 (vor 5 Monaten) |
|---|
| Moderieren | 29.01.2026 07:01 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 343351 [jishenghua jshERP bis 3.6 installByPath install path Directory Traversal] |
|---|
| Punkte | 19 |
|---|