Vulnerability	Vulnerable Version
H Directory Traversal gapless-crypto-clickhouse is a ClickHouse-based cryptocurrency data collection with zero-gap guarantee. 22x faster via Binance public repository with persistent database storage, USDT-margined futures support, and production-ready ReplacingMergeTree schema. Affected versions of this package are vulnerable to Directory Traversal due to insufficient validation of the user-supplied `symbol` parameter. The component fails to sanitize directory-navigation characters, allowing attacker-controlled input to resolve outside the intended directory structure. An attacker can exploit this by supplying a crafted `symbol` value that accesses arbitrary files on the server, potentially leading to unauthorized file disclosure or modification. How to fix Directory Traversal? Upgrade `gapless-crypto-clickhouse` to version 4.0.0 or higher.	[,4.0.0)

Directory Traversal

gapless-crypto-clickhouse is a ClickHouse-based cryptocurrency data collection with zero-gap guarantee. 22x faster via Binance public repository with persistent database storage, USDT-margined futures support, and production-ready ReplacingMergeTree schema.

Affected versions of this package are vulnerable to Directory Traversal due to insufficient validation of the user-supplied symbol parameter. The component fails to sanitize directory-navigation characters, allowing attacker-controlled input to resolve outside the intended directory structure. An attacker can exploit this by supplying a crafted symbol value that accesses arbitrary files on the server, potentially leading to unauthorized file disclosure or modification.

How to fix Directory Traversal?

Upgrade gapless-crypto-clickhouse to version 4.0.0 or higher.

[,4.0.0)

Go back to all versions of this package