Pwnlift
Monthly
Symlink following in pwnlift's Blazor upload handler permits arbitrary file write with elevated system privileges when the application is deployed in a privileged (root or high-privilege) context. All pwnlift releases before commit d7a95449d9ee1ea09ec1529286685f6187afbbed are affected through the upload component in Components/Pages/Home.razor. No public exploit has been identified at time of analysis; an upstream fix is available via the referenced GitHub commit.
Symlink following in pwnlift's Blazor upload handler permits arbitrary file write with elevated system privileges when the application is deployed in a privileged (root or high-privilege) context. All pwnlift releases before commit d7a95449d9ee1ea09ec1529286685f6187afbbed are affected through the upload component in Components/Pages/Home.razor. No public exploit has been identified at time of analysis; an upstream fix is available via the referenced GitHub commit.