lsfusion/platform

lsfusion/platform

Releases39

Frequency4 months 1 day

Last Release about 2 months ago

Stars206

lsFusion is an extremely declarative open-source language-based platform for information systems development

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-13265 ↗	Nov 17, 2025Monday, 17 November 2025, 06:15	6.3 MEDIUM	6.5 MEDIUM
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.
CVE-2025-13262 ↗	Nov 17, 2025Monday, 17 November 2025, 05:16	7.3 HIGH	7.5 HIGH
A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-13261 ↗	Nov 17, 2025Monday, 17 November 2025, 04:15	5.3 MEDIUM	5 MEDIUM
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used.