PT-2025-38061 · Luanox · Luanox

Vhyrro

Publicado

2025-09-16

Atualizado

2025-09-17

CVE-2025-59336

CVSS v4.0

6.9

Média

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Luanox versions prior to 0.1.1

Description Luanox is a module host for Lua packages. A file traversal vulnerability can cause a denial of service by overwriting Phoenix runtime files. Package names, such as ../../package, are not properly filtered during rockspec verification, allowing files to be stored at unintended relative path locations. This could potentially overwrite runtime files and cause the website to crash.

Recommendations Update to version 0.1.1 or later.

Exploit

Correção

DoS

Relative Path Traversal

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-23CWE-22

Identificadores relacionados

CVE-2025-59336

GHSA-42C5-X4PJ-4P3W

Produtos afetados

Luanox

PT-2025-38061 · Luanox · Luanox

CVE-2025-59336

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8