Lucene search
MitreCVE-2023-52289HistoryJan 13, 2024 - 4:15 a.m.
CVE-2023-52289
2024-01-1304:15:08
CWE-22
mitre
web.nvd.nist.gov
19
cve-2023-52289
flaskcode
directory traversal
python
security vulnerability
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
18.0%
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.
Affected configurations
Node
sujeetkvflaskcodeRange≤0.0.8python
Related
osv
osv
CVE-2023-52289
2024-01-13 04:15:08
Path traversal in flaskcode
2024-01-13 06:30:26
cvelist
cvelist
CVE-2023-52289
2024-01-13 00:00:00
github
github
Path traversal in flaskcode
2024-01-13 06:30:26
prion
prion
Directory traversal
2024-01-13 04:15:00
nvd
nvd
CVE-2023-52289
2024-01-13 04:15:08
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
18.0%
Related for CVE-2023-52289