CNNVD-202601-4556 Information

CNNVD ID

CNNVD-202601-4556

Related CVE

CVE-2020-36939

• CNNVD Published: 2026-01-27

Description (Chinese)

Cassandra Web是Bulat Shakirzyanov个人开发者的一个web界面。 Cassandra Web 0.5.0版本存在路径遍历漏洞，该漏洞源于路径遍历参数操作不当，可能导致读取任意文件。

Description (English)

Cassandra Web is a web interface for Bulat Shakirzyanov’s personal developer. Cassandra Web version 0.5.0 has a loophole in the path, which stems from the inappropriate operation of the routing parameters, which may lead to the reading of any file.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2026-01-27

Last Modified

2026-02-24

References

https://rubygems.org/gems/cassandra-web/versions/0.5.0 https://www.vulncheck.com/advisories/cassandra-web-remote-file-read https://www.exploit-db.com/exploits/49362 https://github.com/avalanche123/cassandra-web https://access.redhat.com/security/cve/cve-2020-36939