Опубликовано: 17 нояб. 2025
Источник: github
Github: Прошло ревью
CVSS4: 5.3
CVSS3: 6.3
Описание
lsFusion Server is vulnerable to Path Traversal through its unpackFile function
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.
Пакеты
Наименование
lsfusion.platform:server
maven
Затронутые версииВерсия исправления
<= 6.0-beta2
Отсутствует
Связанные уязвимости
CVSS3: 6.3
nvd
3 месяца назад
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.