Описание
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to the potential exposure of sensitive information.
Ссылки
- ExploitThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:abelche:cola_dnslog:1.3.2:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00384
Низкий
7.5 High
CVSS3
Дефекты
CWE-23
Связанные уязвимости
CVSS3: 7.5
github
около 1 месяца назад
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to the potential exposure of sensitive information.
EPSS
Процентиль: 59%
0.00384
Низкий
7.5 High
CVSS3
Дефекты
CWE-23