pkg:Go/github.com/openziti/zrok

共 5 筆 CVEHIGH2MEDIUM2

✅ 檢查你的版本

所有已知漏洞

  • HIGH8.7CVE-2026-42275zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write
    from 0, <= 1.1.11
  • HIGH7.5CVE-2026-40303zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing
    from 0, <= 1.1.11
  • MEDIUM6.1CVE-2026-40302zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering
    from 0, <= 1.1.11
  • MEDIUM5.3CVE-2026-40304zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records
    from 0, <= 1.1.11
  • CVE-2026-45576zrok copy writes attacker-controlled WebDAV paths outside the destination root
    >= 0.4.23, <= 1.1.11