CNNVD-202512-229 Information
CNNVD ID
CNNVD-202512-229
Related CVE
- CNNVD Published: 2025-12-02
Description (Chinese)
oci-helper是Yohann个人开发者的一个可视化甲骨文云助手。 oci-helper 3.2.4及之前版本存在路径遍历漏洞,该漏洞源于对文件src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java中参数File的错误操作,可能导致路径遍历攻击。
Description (English)
oci-helper is a visualized Oracle Cloud Assistant to Yohann Personal Developer. Opi-helper 3.2.4 and previous versions have path-to-path loopholes that stem from the error of the parameter File in document src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java, which may lead to a path-to-path attack.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
个人开发者
Published
2025-12-02
Last Modified
2026-02-24
References
https://vuldb.com/?submit.692125 https://vuldb.com/?id.334031 https://vuldb.com/?ctiid.334031 https://github.com/Xzzz111/exps/blob/main/archives/oci-helper-path-traversal-1/report.md#proof-of-concept https://access.redhat.com/security/cve/cve-2025-13875
Patch
https://github.com/Yohann0617/oci-helper/releases
Share on: