Affected by GO-2023-2012
and 7 other vulnerabilities
GO-2023-2012: lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML Files in github.com/treeverse/lakefs
GO-2023-2397: User with permission to write actions can impersonate another user when auth token is configured in environment variable in github.com/treeverse/lakefs
GO-2024-2581: User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository in github.com/treeverse/lakefs
GO-2024-3291: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion in github.com/treeverse/lakefs
GO-2025-3479: lakeFS allows an authenticated user to cause a crash by exhausting server memory in github.com/treeverse/lakefs
GO-2025-4090: lakeFS affected by unauthenticated access to API usage metrics in github.com/treeverse/lakefs
GO-2026-4321: lakeFS is Missing Timestamp Validation in S3 Gateway Authentication in github.com/treeverse/lakefs
GO-2026-4494: lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access in github.com/treeverse/lakefs
DeepPush will put any basic Go type on the lua stack. If the value
contains a map or a slice, it will recursively push those values as
tables on the Lua stack.
Supported types are:
| Go | Lua
|-------------------------------------------------------------------------
| nil | nil
| bool | bool
| string | string
| any int | number (float64)
| any float | number (float64)
| any complex | number (real value as float64)
| |
| map[t]t | table, key and val `t` recursively
| | resolved
| |
| []t | table with array properties, with `t`
| | values recursively resolved
Affected by 
Documentation
¶
Source Files