Advisory Database

GHSA-fv2p-qj5p-wqq4: LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement

July 3, 2025

Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application. In this case, an attacker might be able to write to arbitrary files on the server, allowing them to modify application data or behavior, and ultimately take full control of the server.
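The weakness class described above, shown as an added Go example that is not eKuiper's code or its fix: a plain `filepath.Join` on a client-supplied file name beside a version that rejects names resolving outside the base directory. The function names `UnsafeJoin` and `SafeJoin`, the base directory and the sample names are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a client-supplied name resolves outside baseDir.
var ErrTraversal = errors.New("path escapes base directory")

// UnsafeJoin is the weak pattern: Join cleans the result, so "../" segments
// in name silently walk out of baseDir instead of being rejected.
func UnsafeJoin(baseDir, name string) string {
	return filepath.Join(baseDir, name)
}

// SafeJoin resolves name under baseDir and rejects anything that does not
// land strictly inside it (hypothetical helper, lexical check only).
func SafeJoin(baseDir, name string) (string, error) {
	if name == "" || filepath.IsAbs(name) || strings.ContainsRune(name, 0) {
		return "", ErrTraversal
	}
	base := filepath.Clean(baseDir)
	target := filepath.Join(base, name)
	// Rel expresses target relative to base; a leading ".." means it escaped.
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return target, nil
}

func main() {
	base := "/var/app/uploads" // constructed sample directory
	names := []string{"rules.json", "sub/a.txt", "../etc/config.yaml", "a/../../b", "/etc/passwd", "..foo"}
	for _, n := range names {
		p, err := SafeJoin(base, n)
		fmt.Printf("%-22q unsafe=%-28s safe=%q err=%v\n", n, UnsafeJoin(base, n), p, err)
	}
}
```

The check is lexical: it does not follow symlinks that already exist inside the base directory, which need separate handling (for example opening files through `os.Root`, available since Go 1.24).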

References

  • github.com/advisories/GHSA-fv2p-qj5p-wqq4
  • github.com/lf-edge/ekuiper
  • github.com/lf-edge/ekuiper/blob/1e6b6b6601445eb05316532f5fbef7f0a863ecfe/internal/server/rest.go
  • github.com/lf-edge/ekuiper/security/advisories/GHSA-fv2p-qj5p-wqq4


Affected versions

All versions before 2.2.0

Fixed versions

  • 2.2.0

Solution

Upgrade to version 2.2.0 or above.

Impact 8.5 HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L


Weakness

  • CWE-24: Path Traversal: '../filedir'

Source file

go/github.com/lf-edge/ekuiper/v2/GHSA-fv2p-qj5p-wqq4.yml


Page generated Tue, 19 Aug 2025 12:19:43 +0000.