CNNVD-202602-2218 Information
CNNVD ID
CNNVD-202602-2218
Related CVE
- CNNVD Published: 2026-02-13
Description (Chinese)
lakeFS是Treeverse开源的一款开源工具,可将您的对象存储转换为类似 Git 的存储库。 lakeFS 1.77.0之前版本存在路径遍历漏洞,该漏洞源于本地块适配器路径验证不足,可能导致经过身份验证的用户读写指定存储边界之外的文件。
Description (English)
MakeFS is an open source tool for Treeverse to convert your object to a Git-like repository. There is a loophole in the path before the previous version 1.77.0, which results from the inadequate authentication of the path of the local block adaptor, which may lead to the user with authentication to read and write a document outside the specified storage boundary.
Vulnerability Type
路径遍历
Affected Vendor
Treeverse
Published
2026-02-13
Last Modified
2026-02-24
References
https://github.com/treeverse/lakeFS/commit/cbc106275357302a834280f133265dc39f1384ce https://github.com/treeverse/lakeFS/releases/tag/v1.77.0 https://github.com/treeverse/lakeFS/security/advisories/GHSA-699m-4v95-rmpm
Patch
https://github.com/treeverse/lakeFS/releases
Share on: