The vulnerability is a directory traversal in the solon-faas-luffy component of Solon. The referenced commit 49a3bf95fdcf050829843004b65a2b336ca6ddff addresses it directly: the patch modifies the fileGet method in JtFunctionLoaderFile.java, adding a conditional check at the start of the method that tests whether the input path string contains "../" or "..\\". If either sequence is present, the method now returns null, which stops the traversal. This implies that before the patch, fileGet processed such paths as given, which is what allowed the directory traversal. The vulnerable function is therefore org.noear.solon.luffy.impl.JtFunctionLoaderFile.fileGet, since it directly consumed the user-controlled path that could be manipulated to escape the intended directory.
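The following is an added example, not code from the Solon project, showing the sequence check the patch describes next to a canonical-path containment check, which is the general defensive pattern for file loaders because it verifies where the resolved path actually lands rather than matching particular character sequences. The class name SafeFunctionLoader, the base-directory constructor argument and the method bodies are assumptions; only the method name fileGet and the two rejected sequences come from the advisory.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical loader (not the project's JtFunctionLoaderFile) that serves
// function sources from a fixed base directory.
public class SafeFunctionLoader {
    private final Path baseDir;

    public SafeFunctionLoader(String baseDir) throws IOException {
        // Resolve the base directory once; toRealPath() follows symlinks and
        // normalizes "." and ".." segments, so later comparisons are canonical.
        this.baseDir = Paths.get(baseDir).toRealPath();
    }

    // Mirrors the check the patch describes: reject paths containing "../" or "..\\".
    static boolean containsTraversalSequence(String path) {
        return path.contains("../") || path.contains("..\\");
    }

    // Returns the file content for a relative request path, or null when the
    // request does not resolve to a regular file inside baseDir.
    public String fileGet(String requestPath) throws IOException {
        if (requestPath == null || containsTraversalSequence(requestPath)) {
            return null;
        }
        // Stronger, sequence-independent check: resolve the request against the
        // base directory and require the normalized result to remain inside it.
        // An absolute requestPath replaces baseDir in resolve() and is rejected here.
        Path target = baseDir.resolve(requestPath).normalize();
        if (!target.startsWith(baseDir)) {
            return null;
        }
        if (!Files.isRegularFile(target)) {
            return null;
        }
        // Re-check after following symlinks so a link placed inside baseDir
        // cannot point to a file outside it.
        Path real = target.toRealPath();
        if (!real.startsWith(baseDir)) {
            return null;
        }
        return new String(Files.readAllBytes(real), StandardCharsets.UTF_8);
    }
}
```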
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.noear:solon-faas-luffy | maven | >= 3.1.2, < 3.2.0 | 3.2.0 |