Количество 2
Количество 2
CVE-2025-67819
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files accessible to the service process.
GHSA-hmmh-292h-3364
Weaviate OSS has path traversal vulnerability via the Shard Movement API
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-67819 An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files accessible to the service process. | CVSS3: 4.9 | 0% Низкий | около 2 месяцев назад |
| GHSA-hmmh-292h-3364 Weaviate OSS has path traversal vulnerability via the Shard Movement API | 0% Низкий | около 2 месяцев назад |
Уязвимостей на страницу