Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go

github.com/treeverse/lakefs

go

View on github.com · View on proxy.golang.org

Security Advisories for github.com/treeverse/lakefs in go

Moderate
8 months ago

lakeFS allows an authenticated user to cause a crash by exhausting server memory GSA_kwCzR0hTQS1qN2p3LTI4am0td2hyNs4ABEsa

go github.com/treeverse/lakefs
Moderate
11 months ago

Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion GSA_kwCzR0hTQS1oaDMzLTQ2cTQtaHdtMs4ABBy-

go github.com/treeverse/lakefs
Moderate
over 1 year ago

User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository GSA_kwCzR0hTQS1mdnY1LWgyOWctZjZ3Nc4AA5dq

go github.com/treeverse/lakefs
High
almost 2 years ago

lakeFS logs S3 credentials in plain text GSA_kwCzR0hTQS00cmdjLTVnNnItMnJqZs4AA3q-

go github.com/treeverse/lakefs
Moderate
almost 2 years ago

User with permission to write actions can impersonate another user when auth token is configured in environment variable GSA_kwCzR0hTQS0yNmhyLXEyd3AtcnZjNc4AA3q9

go github.com/treeverse/lakefs
Moderate
about 2 years ago

lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML Files GSA_kwCzR0hTQS05cGhoLXIzN3YtMzR3aM4AA1SQ

go github.com/treeverse/lakefs
High
about 3 years ago

lakeFS vulnerable to authenticated users deleting files they are not authorized to delete GSA_kwCzR0hTQS0yOHE5LTljM2ctdjNmOc4AAvAW

go github.com/treeverse/lakefs
Moderate
almost 4 years ago

Improper Access Control in github.com/treeverse/lakefs GSA_kwCzR0hTQS1tODM2LWd4d3EtajJwbc0WvQ

go github.com/treeverse/lakefs

Filter by Severity

Moderate 6 High 2