ferry_project ferry 对路径名的限制不恰当（路径遍历）

admin

0
文章

0
评论

2023-11-30 05:12:52 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

ferry_project ferry 对路径名的限制不恰当（路径遍历）

CVE编号

CVE-2022-3939

利用情况

暂无

补丁情况

N/A

披露时间

2022-11-11

漏洞描述

A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier assigned to this vulnerability.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://vuldb.com/?id.213446

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	ferry_project	ferry	-	-
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	java-11-openjdk-demo	*		Up to (excluding) 11.0.17.0.8-2.1.al7
	运行在以下环境
	系统	amazon_2	java-17-amazon-corretto	*		Up to (excluding) 11.0.17+8-1.amzn2
	运行在以下环境
	系统	amazon_2022	java-17-amazon-corretto	*		Up to (excluding) 1.8.0-amazon-corretto-1.8.0_352.b08-1.amzn2022
	运行在以下环境
	系统	anolis_os_7	java-11-openjdk-demo-debug	*		Up to (excluding) 11.0.17.0.8-2
	运行在以下环境
	系统	anolis_os_8	java-17-openjdk-javadoc-zip	*		Up to (excluding) 11.0.17.0.8-2.0.1
	运行在以下环境
	系统	centos_7	java-11-openjdk	*		Up to (excluding) 11.0.17.0.8-2.el7_9
	运行在以下环境
	系统	centos_8	java-17-openjdk-javadoc-zip	*		Up to (excluding) 11.0.17.0.8-2.el8_6
	运行在以下环境
	系统	fedora_35	java-11-openjdk-slowdebug-debuginfo	*		Up to (excluding) 19.0.1.0.10-2.rolling.fc35
	运行在以下环境
	系统	fedora_36	java-11-openjdk-slowdebug-debuginfo	*		Up to (excluding) 19.0.1.0.10-2.rolling.fc36
	运行在以下环境
	系统	fedora_37	java-11-openjdk-slowdebug-debuginfo	*		Up to (excluding) 19.0.1.0.10-2.rolling.fc37
	运行在以下环境
	系统	kylinos_aarch64_V10	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-2.el8_7
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	java-11-openjdk	*		Up to (excluding) 11.0.17.8-1.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	java-11-openjdk	*		Up to (excluding) 11.0.17.8-1.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP3	java-11-openjdk	*		Up to (excluding) 11.0.17.8-1.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP3	java-11-openjdk	*		Up to (excluding) 11.0.17.0.8-11.3.0.a.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10	java-11-openjdk	*		Up to (excluding) 11.0.18.0.10-2.el8_7
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	java-11-openjdk	*		Up to (excluding) 11.0.17.8-1.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	java-11-openjdk	*		Up to (excluding) 11.0.17.8-1.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP3	java-11-openjdk	*		Up to (excluding) 11.0.17.8-1.ky10
	运行在以下环境
	系统	opensuse_Leap_15.3	java-1_8_0-ibm-plugin	*		Up to (excluding) 11.0.17.0-150000.3.86.2
	运行在以下环境
	系统	opensuse_Leap_15.4	java-1_8_0-ibm-plugin	*		Up to (excluding) 11.0.17.0-150000.3.86.2
	运行在以下环境
	系统	oracle_7	oraclelinux-release	*		Up to (excluding) 11.0.17.0.8-2.0.1.el7_9
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 17.0.5.0.8-2.el8_6
	运行在以下环境
	系统	oracle_9	oraclelinux-release	*		Up to (excluding) 11.0.17.0.8-2.0.1.el9_0
	运行在以下环境
	系统	redhat_7	java-11-openjdk	*		Up to (excluding) 11-openjdk-devel-11.0.17.0.8-2.el7_9
	运行在以下环境
	系统	redhat_8	java-11-openjdk-src	*		Up to (excluding) 17.0.5.0.8-2.el8_6
	运行在以下环境
	系统	redhat_9	java	*		Up to (excluding) 11-openjdk-devel-11.0.17.0.8-2.el9_0
	运行在以下环境
	系统	suse_12_SP5	java-1_8_0-ibm-alsa	*		Up to (excluding) 11.0.17.0-3.49.2