| Título | https://github.com/jishenghua/jshERP jshERP v3.6 Path Traversal |
|---|
| Descripción | In function "com.gitee.starblues.integration.operator.DefaultPluginOperator#install".
The path provided by the user is passed into the "java.nio.file.Files#exists" function without any filtering, allowing directory traversal using '..' and similar methods, resulting in information disclosure about whether a file exists or type of a file. |
|---|
| Fuente | ⚠️ https://github.com/jishenghua/jshERP/issues/147 |
|---|
| Usuario | mukyuuhate (UID 93052) |
|---|
| Sumisión | 2026-01-16 09:05 (hace 5 meses) |
|---|
| Moderación | 2026-01-29 07:01 (13 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 343351 [jishenghua jshERP hasta 3.6 installByPath install path recorrido de directorios] |
|---|
| Puntos | 19 |
|---|