Description
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/halo-dev/halo/issues/418
Scores
CVSS v3
9.8
EPSS
0.0059
EPSS Percentile
69.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
halo/halo
1.1.3
Published
Sep 30, 2020
Tracked Since
Feb 18, 2026