Отправить #729331: yeqifu warehouse aaf29962ba407d22d991781de28796ee7b4670e4 Arbitrary File ReadИнформация

Название	yeqifu warehouse aaf29962ba407d22d991781de28796ee7b4670e4 Arbitrary File Read
Описание	An arbitrary file read vulnerability was discovered in AppFileUtils.java of the project https://github.com/yeqifu/warehouse. The affected functionality is an image display route (/file/showImageByPath?path=)that invokes AppFileUtils.java and accepts a user-controlled path parameter to locate files under a specified directory. Due to improper input validation, the path parameter is directly used to read files without verifying its legitimacy. By manipulating the path parameter with relative path sequences, an attacker can access, download, or view arbitrary files on the server.
Источник	⚠️ https://github.com/5i1encee/Vul/blob/main/Arbitrary%20File%20Read%20Vulnerability%20in%20Project%20yeqifu%20warehouse.md
Пользователь	5i1encee (UID 94076)
Представление	02.01.2026 11:33 (3 месяцы назад)
Модерация	02.01.2026 13:32 (2 hours later)
Статус	принято
Запись VulDB	339385 [yeqifu warehouse до aaf29962ba407d22d991781de28796ee7b4670e4 AppFileUtils.java createResponseEntity path обход каталога]
Баллы	20

Do you know our Splunk app?

Download it now for free!