CNNVD-202601-4631 Information

CNNVD ID

CNNVD-202601-4631

Related CVE

CVE-2026-24897

• CNNVD Published: 2026-01-28

Description (Chinese)

Erugo是Erugo开源的一个文件共享平台。 Erugo 0.2.14及之前版本存在代码问题漏洞，该漏洞源于创建共享时对用户提供的路径验证不足，可能导致低权限用户上传任意文件到指定位置，从而造成远程代码执行。

Description (English)

Erogo is a document-sharing platform open to Erogo. Erugo 0.2.14 and previous versions had a code problem loophole, which stemmed from the insufficient routing of users when creating sharing, which could lead to low-authority users uploading a file to a given location, leading to remote code execution.

Hazard Level

Low

Vulnerability Type

代码问题

Affected Vendor

Erugo

Published

2026-01-28

Last Modified

2026-02-24

References

https://github.com/ErugoOSS/Erugo/commit/256bc63831a0b5e9a94cb024a0724e0cd5fa5e38 https://github.com/ErugoOSS/Erugo/releases/tag/v0.2.15 https://github.com/ErugoOSS/Erugo/security/advisories/GHSA-336w-hgpq-6369

Patch

https://github.com/ErugoOSS/Erugo/releases