
github.com/treeverse/lakefs
go · Repository · Package
Security Advisories for github.com/treeverse/lakefs in go
Moderate
7 months ago
lakeFS allows an authenticated user to cause a crash by exhausting server memory
go
github.com/treeverse/lakefs
Moderate
10 months ago
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
go
github.com/treeverse/lakefs
Moderate
over 1 year ago
User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository
go
github.com/treeverse/lakefs
Moderate
almost 2 years ago
User with permission to write actions can impersonate another user when auth token is configured in environment variable
go
github.com/treeverse/lakefs
Moderate
about 2 years ago
lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML Files
go
github.com/treeverse/lakefs
High
about 3 years ago
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
go
github.com/treeverse/lakefs
Moderate
almost 4 years ago
Improper Access Control in github.com/treeverse/lakefs
go
github.com/treeverse/lakefs