This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: A Path Traversal vulnerability in **dagu** (Dagu Workflow Engine).β¦
π‘οΈ **CWE-22**: Improper Limitation of a Pathname to a Restricted Directory. <br>π **Flaw**: The `dagRunId` request field is passed directly to `filepath.Join` **without format validation**.β¦
π¦ **Vendor**: dagu-org. <br>π **Affected**: **dagu** versions **prior to 2.2.4**. <br>β οΈ If you are running v2.2.3 or earlier, you are vulnerable.
Q4What can hackers do? (Privileges/Data)
π΅οΈ **Capabilities**: <br>1. **Read**: Access arbitrary files on the system. <br>2. **Write/Delete**: Delete arbitrary files. <br>3. **Impact**: Cause **Denial of Service** by deleting critical workflow or system files.
π« **Public Exploit**: **No**. <br>π **PoCs**: None listed in the data. <br>π **Status**: No wild exploitation reported yet, but the flaw is straightforward.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: <br>1. Check your **dagu version**. Is it < 2.2.4? <br>2. Inspect code for `filepath.Join` usage with `dagRunId`. <br>3. Look for missing input validation/sanitization on workflow run IDs.
Q8Is it fixed officially? (Patch/Mitigation)
β **Fixed**: **Yes**. <br>π§ **Patch**: Upgrade to **dagu v2.2.4** or later. <br>π **Commit**: See GitHub commit `12c2e5395bd9331d49ca103593edfd0db39c4f38`.
Q9What if no patch? (Workaround)
π **Workaround (If no patch)**: <br>1. **Input Sanitization**: Manually validate `dagRunId` to ensure it contains only safe characters (alphanumeric, no `../`). <br>2.β¦
π₯ **Urgency**: **HIGH**. <br>π **CVSS**: **7.5** (High). <br>β‘ **Priority**: Patch immediately. The ability to **delete files** and cause **DoS** makes this critical for operational stability. Don't wait!