PRP: request CVE-2021-3019 Lanproxy Directory Traversal #155
Labels
Contributor queue
When a contributor has already one issue/PR in review, we put the following ones on hold with this.
PRP:Request
Comments
tooryx
added
the
Contributor queue
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I would like to start the implementation for a plugin that detects CVE-2021-3019 Lanproxy Directory Traversal.
Vulnerability details:ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.
Type: Lanproxy Directory Traversal
Score: 7.50 high
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference:
- https://github.com/ffay/lanproxy/commits/master
- maybe-why-not/lanproxy#1
The vulnerability should have a relatively large impact radius. Yes,
Please let me know if this is in scope as I've already made the development .
The text was updated successfully, but these errors were encountered: