VYPR

heron-ui

by Apache

CVEs (1)

  • CVE-2018-11789HigMar 21, 2019
    risk 0.49cvss 7.5epss 0.07

    When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.