CNNVD-202511-1945 Information

CNNVD ID

CNNVD-202511-1945

Related CVE

CVE-2025-13261

• CNNVD Published: 2025-11-17

Description (Chinese)

lsFusion是lsfusion开源的一个基于声明性开源语言的信息系统开发平台。 lsfusion 6.1及之前版本存在路径遍历漏洞，该漏洞源于对文件web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java中参数Version的错误操作，可能导致路径遍历。

Description (English)

IsFusion is a platform for information system development based on the declared open-source language. There is a loophole in the path 6.1 and previous versions, which stems from an error in the parameters Version in the documentweb-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequesthandler.java, which may lead to a path pass.

Hazard Level

High

Vulnerability Type

路径遍历

Published

2025-11-17

Last Modified

2026-02-24

References

https://vuldb.com/?submit.689412 https://github.com/lsfusion/platform/issues/1543 https://vuldb.com/?ctiid.332596 https://vuldb.com/?id.332596 https://github.com/lsfusion/platform/issues/1543#issue-3576922131 https://access.redhat.com/security/cve/cve-2025-13261