VYPR

Laf

by Labring

CVEs (4)

  • CVE-2023-50253Jan 3, 2024
    risk 0.00cvss epss 0.01

    Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of…

  • CVE-2023-48225Dec 12, 2023
    risk 0.00cvss epss 0.01

    Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly…

  • CVE-2019-2191Sep 27, 2019
    risk 0.00cvss epss 0.00

    In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation.Product:…

  • CVE-2019-2190Sep 27, 2019
    risk 0.00cvss epss 0.00

    In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for exploitation.Product:…