CNNVD-202508-815 Information
CNNVD ID
CNNVD-202508-815
Related CVE
- CNNVD Published: 2025-08-09
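Description (translated from Chinese)
Assemblyline 4 Service Client is an open-source service client from the Canadian Centre for Cyber Security that publishes service results in Assemblyline 4. Versions of Assemblyline 4 Service Client before 4.6.1.dev138 contain a security vulnerability: the SHA-256 value returned by the server is used directly as a local file name, which may lead to a path traversal attack.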
Description (English)
Assemblyline 4 Service Client is an open-source service client from the Canadian Centre for Cyber Security that posts service results in Assemblyline 4. Versions before 4.6.1.dev138 have a security vulnerability that stems from using the SHA-256 value returned by the server directly as a local file name, which could lead to a path traversal attack.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Canadian Centre for Cyber Security
Published
2025-08-09
Last Modified
2026-02-24
References
https://github.com/CybercentreCanada/assemblyline/security/advisories/GHSA-75jv-vfxf-3865
https://github.com/CybercentreCanada/assemblyline-service-client/commit/351414e7e96cc1f5640ae71ae51b939e8ba30900
https://access.redhat.com/security/cve/cve-2025-55013
Patch
https://github.com/CybercentreCanada/assemblyline-service-client/releases