CNNVD-202506-2133 Information
CNNVD ID
CNNVD-202506-2133
Related CVE
- CNNVD Published: 2025-06-18
Description (Chinese)
Lychee是The Lychee Organisation开源的一个漂亮且易于使用的照片管理系统。用于管理和共享照片。 Lychee 6.6.6至6.6.10之前版本存在路径遍历漏洞,该漏洞源于路径遍历,可能导致本地文件泄露。
Description (English)
Lychee is a beautiful and easy-to-use photo management system for the Lychee Organization. Used to manage and share photographs. Lychee’s pre-versions 6.6.6 to 6.6.10 have a loophole in the path, which stems from the path trail, which may lead to the disclosure of local documents.
Hazard Level
Medium
Vulnerability Type
路径遍历
Affected Vendor
The Lychee Organisation
Published
2025-06-18
Last Modified
2026-02-24
References
https://github.com/LycheeOrg/Lychee/blob/0709f5d984d4df77fc5e23a29a0231437e684e99/app/Http/Controllers/SecurePathController.php#L61 https://github.com/LycheeOrg/Lychee/commit/ae7270b7b47e4a284ea1f69d260e52d592711072 https://github.com/LycheeOrg/Lychee/security/advisories/GHSA-6rj9-gm78-vhf9
Patch
https://github.com/LycheeOrg/Lychee/releases
Share on: