| タイトル | HBAI-Ltd Toonflow 1.1.1 Remote Code Execution |
|---|
| 説明 | The Toonflow application's update mechanism (/api/setting/about/downloadApp) downloads a ZIP file from a user-controlled URL without any integrity verification (no signature, no checksum, no domain allowlist). The ZIP is extracted without path traversal validation, and its contents are then copied directly over the application's own server code (data/serve/), web frontend (data/web/), prompt templates (data/skills/), and ML models (data/models/). An authenticated attacker can supply a URL pointing to a malicious ZIP file to achieve complete remote code execution by replacing the application's server-side JavaScript. |
|---|
| ソース | ⚠️ https://github.com/HBAI-Ltd/Toonflow-app/issues/96 |
|---|
| ユーザー | Yu Bao (UID 88956) |
|---|
| 送信 | 2026年04月08日 11:03 (19 日 ago) |
|---|
| モデレーション | 2026年04月26日 10:16 (18 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 359660 [HBAI-Ltd Toonflow-app 迄 1.1.1 downloadApp Endpoint downloadApp.ts z.url ディレクトリトラバーサル] |
|---|
| ポイント | 20 |
|---|