Lucene search
GoogleOSV:CVE-2023-52288HistoryJan 13, 2024 - 4:15 a.m.
CVE-2023-52288
2024-01-1304:15:08
Google
osv.dev
6
cve-2023-52288
python
directory traversal
get request
arbitrary files
security issue
software
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
38.6%
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows attackers to read arbitrary files.
Related
github
github
Path traversal in flaskcode
2024-01-13 06:30:26
osv
osv
Path traversal in flaskcode
2024-01-13 06:30:26
cve
cve
CVE-2023-52288
2024-01-13 04:15:08
nvd
nvd
CVE-2023-52288
2024-01-13 04:15:08
prion
prion
Directory traversal
2024-01-13 04:15:00
cvelist
cvelist
CVE-2023-52288
2024-01-13 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
38.6%
Related for OSV:CVE-2023-52288