CVE-2024-49366 Information

Description

Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification and can construct a value value in the form of ../../. Arbitrary files can be written to the server which may result in loss of permissions. Version 2.0.0-beta.26 fixes the issue.

Reference

https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-prv4-rx44-f7jr https://github.com/0xJacky/nginx-ui/releases/tag/v2.0.0-beta.36