VYPR
Unrated severityOSV Advisory· Published Mar 18, 2019· Updated Aug 5, 2024

CVE-2018-11789

CVE-2018-11789

Description

When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.