Security Advisories for github.com/treeverse/lakefs in go
High
4 months ago
lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access
go
github.com/treeverse/lakefs
Moderate
5 months ago
lakeFS is Missing Timestamp Validation in S3 Gateway Authentication
go
github.com/treeverse/lakefs
Moderate
7 months ago
lakeFS affected by unauthenticated access to API usage metrics
go
github.com/treeverse/lakefs
Moderate
over 1 year ago
lakeFS allows an authenticated user to cause a crash by exhausting server memory
go
github.com/treeverse/lakefs
Moderate
over 1 year ago
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
go
github.com/treeverse/lakefs
Moderate
over 2 years ago
User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository
go
github.com/treeverse/lakefs
Moderate
over 2 years ago
User with permission to write actions can impersonate another user when auth token is configured in environment variable
go
github.com/treeverse/lakefs
Moderate
almost 3 years ago
lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML Files
go
github.com/treeverse/lakefs
High
over 3 years ago
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
go
github.com/treeverse/lakefs
Moderate
over 4 years ago
Improper Access Control in github.com/treeverse/lakefs
go
github.com/treeverse/lakefs