CVE-2020-21525

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
5
MEDIUM
Affected
1
PROJECT

Description

Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.

halo-dev/halo
halo-dev/halo
Halo 是一款强大易用的开源建站工具,从个人博客、知识库,到企业官网、在线商城,Halo 都能助您轻松实现,一站式满足您的多样化建站需求。
GitHubGitHub
39.1K