Submit #275053: rebuild rebuild <= 3.5.5 Unauthorized file read
Title | rebuild rebuild <= 3.5.5 Unauthorized file read |
---|---|
Description | In the FileDownloader#proxyDownloadmethod, receives the parameter url, and calls QiniuCloud.getStorageFilemethod,and call writeLocalFile to echo result.So the attacker can read files of user directory .rebuild without login. |
Source | ⚠️ https:/ |
User | lemono (ID 59906) |
Submission | 2024-01-30 04:21 (4 months ago) |
Moderation | 2024-01-31 08:02 (1 day later) |
Status | Przyjęty |
VulDB Entry | 252455 |