| Title | kerwincui FastBee ≤ 1.2.1 Path Traversal |
|---|---|
| Description | FastBee contains an arbitrary file read vulnerability in the file download functionality. The /iot/tool/download endpoint uses user-controlled fileName input to construct a local file path without canonicalization or boundary checks. Attackers can supply ../ path traversal sequences to escape the configured profile directory and read arbitrary files from the server filesystem. |
| Source | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/Yv1gdAzFpoHCUUxDdKSculR4nKf?from=from_copylink |
| User | xcxr (UID 86629) |
| Submission | 09/04/2026 04:50 AM (2 months ago) |
| Moderation | 02/05/2026 10:35 AM (23 days later) |
| Status | Accepted |
| VulDB Entry | 360829 [kerwincui FastBee up to 1.2.1 Tool Download Endpoint ToolController.java ToolController.download fileName directory traversal] |
| Points | 19 |