| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/lf-edge/ekuiper/v2 | go | < 2.2.0 | 2.2.0 |
| github.com/lf-edge/ekuiper | go | <= 1.14.7 | |
The core of the vulnerability was a classic path traversal issue present in multiple HTTP handlers within the eKuiper server. The primary vulnerable function, fileUploadHandler, accepted a user-controlled filename which was then joined with a base directory path to create a file. Because the filename was not sanitized for directory traversal sequences (e.g., ../), an attacker could craft a request to write or overwrite files in any directory the eKuiper process had write access to. This could lead to replacing application binaries or other critical files, resulting in arbitrary code execution.
The analysis of the patches revealed that the fix was two-fold. First, in commit 8b6701fe12e0441b604101fd1be12a8ed049c243, a new validation function, ValidatePath, was introduced to explicitly check for and reject any path containing the `..` traversal sequence. This check was applied not only to fileUploadHandler but to a number of other handlers that also accepted file paths as input, indicating that they were all affected by the same vulnerability pattern. Second, commit 1a86c4f6d229e46c0d62c45d585003b809396ac3 added a further layer of defense by changing the file creation logic to resolve paths relative to a secured root directory handle, so that a path escaping the base directory is refused by the file system layer even if the string check were bypassed. The identified functions are all the handlers that were patched to include the new validation, and were therefore considered vulnerable before the fix.
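To make the two layers concrete, here is an added Go example that is not taken from the eKuiper code base or its patches. `VulnerableUploadPath` reproduces the pre-fix pattern (join the caller's filename to a base directory with no check), `RejectTraversal` is an illustrative stand-in for a `..` check of the kind the first commit introduced, and `SafeUploadPath` layers a containment check on the cleaned result in the spirit of the second commit. The upload directory, the function names and the attacker-supplied filename are all assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// uploadDir is a hypothetical base directory, not the one eKuiper uses.
const uploadDir = "/var/lib/ekuiper/uploads"

// VulnerableUploadPath mirrors the pre-fix pattern: the caller-supplied name
// is joined to the base directory unchecked, so "../" elements walk out of
// uploadDir and the caller picks the final location of the written file.
func VulnerableUploadPath(base, name string) string {
	return filepath.Join(base, name)
}

var ErrTraversal = errors.New("path contains a traversal element")

// RejectTraversal is an illustrative check (not eKuiper's ValidatePath): it
// refuses any path element equal to "..". Testing whole elements rather than
// the substring ".." keeps legitimate names such as "v1..bak" usable. The
// split also treats '\' as a separator, which is a conservative choice on
// Unix where a backslash is otherwise a plain filename character.
func RejectTraversal(name string) error {
	elems := strings.FieldsFunc(name, func(r rune) bool {
		return r == '/' || r == '\\'
	})
	for _, elem := range elems {
		if elem == ".." {
			return ErrTraversal
		}
	}
	return nil
}

// SafeUploadPath applies the element check and then verifies that the
// cleaned, joined result still lies under base. The second check is the
// string-level analogue of resolving against a secured root handle: even a
// name that slips past the first check cannot produce a path outside base.
func SafeUploadPath(base, name string) (string, error) {
	if err := RejectTraversal(name); err != nil {
		return "", err
	}
	if filepath.IsAbs(name) {
		return "", errors.New("absolute paths are not allowed")
	}
	full := filepath.Join(base, name) // Join cleans the result
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	if rel == "." {
		return "", errors.New("empty file name")
	}
	return full, nil
}

func main() {
	// Constructed attacker input: four "../" hops from the assumed base land
	// on a binary path the process could overwrite if it has write access.
	attacker := "../../../../usr/bin/kuiperd"
	fmt.Println("vulnerable:", VulnerableUploadPath(uploadDir, attacker))
	if _, err := SafeUploadPath(uploadDir, attacker); err != nil {
		fmt.Println("hardened  :", err)
	}
	if p, err := SafeUploadPath(uploadDir, "plugins/myplugin.zip"); err == nil {
		fmt.Println("hardened  :", p)
	}
}
```

On Go 1.24 and later the second layer can be delegated to the runtime: `os.OpenRoot(uploadDir)` returns an `*os.Root` whose `Create` and `Open` methods refuse any path that resolves outside the root, including escapes through symlinks, which a pure string check cannot see. The string-level check above is kept so the example compiles on older toolchains.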