Dismissed
CVE-2026-3051
6.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse removed 6 packages
  - rubyPackages.jekyll-theme-dinky
  - rubyPackages_3_1.jekyll-theme-dinky
  - rubyPackages_3_2.jekyll-theme-dinky
  - rubyPackages_3_3.jekyll-theme-dinky
  - rubyPackages_3_4.jekyll-theme-dinky
  - rubyPackages_4_0.jekyll-theme-dinky
- @LeSuisse dismissed
DataLinkDC dinky Project Name GitRepository.java getProjectDir path traversal
A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
- VDB-347409 | DataLinkDC dinky Project Name GitRepository.java getProjectDir path traversal vdb-entry technical-description
- VDB-347409 | CTI Indicators (IOB, IOC, TTP, IOA) signature permissions-required
- Submit #757586 | DataLinkDC dinky <=1.2.5 arbitrary file writes third-party-advisory
- https://github.com/AnalogyC0de/public_exp/issues/5 issue-tracking
- https://github.com/AnalogyC0de/public_exp/issues/5#issue-3935000629 issue-tracking exploit
Affected products
dinky
- ==1.2.5
- ==1.2.2
- ==1.2.1
- ==1.2.3
- ==1.2.0
- ==1.2.4
Ignored packages (6)
pkgs.rubyPackages.jekyll-theme-dinky
None
pkgs.rubyPackages_3_1.jekyll-theme-dinky
None
pkgs.rubyPackages_3_2.jekyll-theme-dinky
None
pkgs.rubyPackages_3_3.jekyll-theme-dinky
None
pkgs.rubyPackages_3_4.jekyll-theme-dinky
None