CVE-2024-40120: Seaweedfs Incomplete Bucket Validation

Incomplete validation of bucket names may allow malicious characters through, leading to injection attacks if the name is used in SQL table names or paths.

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0

Go^β

greprules fetch cve-2024-40120-seaweedfs-incomplete-bucket-validation --engine opengrep

Description

Incomplete validation of bucket names may allow malicious characters through, leading to injection attacks if the name is used in SQL table names or paths.

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 145 downloads
0 direct145 via packs
· 0 stars · Quality score 61How quality works
Included packs: 2 packs

Community feedback

0 signals from signed-in users.

Useful: 0
False positive: 0
Metadata: 0