Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-27164: GitHub - halo-dev/halo: 强大易用的开源建站工具。

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.

CVE
#vulnerability#web#git#java#docker#gradle

main

Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

10 branches 110 tags

Code

  • Clone

    Use Git or checkout with SVN using the web URL.

  • Open with GitHub Desktop

  • Download ZIP

Latest commit

Git stats

  • 4,099 commits

FilesPermalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

.github

config/checkstyle

console

docs

gradle/wrapper

hack

src

.editorconfig

.gitattributes

.gitignore

CODE_OF_CONDUCT.md

CONTRIBUTING.md

Dockerfile

LICENSE

OWNERS

README.md

SECURITY.md

build.gradle

gradle.properties

gradlew

gradlew.bat

settings.gradle

快速开始 在线体验 生态 许可证 贡献 状态

README.md

Halo [ˈheɪloʊ],强大易用的开源建站工具。

官网 文档 社区 Gitee Telegram 频道

快速开始

docker run \ -it -d \ –name halo \ -p 8090:8090 \ -v ~/.halo2:/root/.halo2 \ halohub/halo:2.2 \ –halo.external-url=http://localhost:8090/ \ –halo.security.initializer.superadminusername=admin \ –halo.security.initializer.superadminpassword=P@88w0rd

以上仅作为体验使用,详细部署文档请查阅:https://docs.halo.run/getting-started/install/docker-compose

在线体验

  • 环境地址:https://demo.halo.run
  • 后台地址:https://demo.halo.run/console
  • 用户名:demo
  • 密码:P@ssw0rd123…

生态

可访问 awesome-halo 查看已经适用于 Halo 2.0 的主题和插件,以及适用于 Halo 1.x 的相关仓库。

许可证

Halo 使用 GPL-v3.0 协议开源,请遵守开源协议。

贡献

参考 CONTRIBUTING。

状态

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907