CVE-2024-1098

Name of the Vulnerable Software and Affected Versions Rebuild versions up to 3.5.5

Description A vulnerability was found in Rebuild, affecting the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used.

Recommendations For Rebuild versions up to 3.5.5, as a temporary workaround, consider restricting access to the QiniuCloud.getStorageFile function until a patch is available. Avoid using the url argument in the affected file /filex/proxy-download to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.