Threats Tagged 'ghsa-5g75-477j-2c2f'
View all threats tagged with 'ghsa-5g75-477j-2c2f'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'ghsa-5g75-477j-2c2f'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-5g75-477j-2c2f: LaunchServer FileServerHandler has an unauthenticated path traversal issueCVE-2026-54617 0 An unauthenticated path traversal vulnerability in GravitLauncher LaunchServer (≤ 5.7.11) allows remote attackers to read arbitrary files accessible by the LaunchServer process. This includes sensitive files such as private keys used for signing JWT access tokens, refresh-token salts, and database credentials. The vulnerability arises from improper normalization of request paths, enabling traversal outside the intended directory. The file server is enabled by default and listens on all interfaces without authentication, exposing critical secrets. Exploitation requires sending a specially crafted HTTP GET request without a leading slash, which bypasses normal path normalization. This leads to full authentication bypass and potential full system compromise. Join the discussion | GCVE Database | 07/02/2026, 20:49:18 UTC Added: 07/02/2026, 22:56:46 UTC |
Showing 1 to 1 of 1 result