Lucene search
GoogleOSV:CVE-2023-52289HistoryJan 13, 2024 - 4:15 a.m.
CVE-2023-52289
2024-01-1304:15:08
Google
osv.dev
4
cve-2023-52289
python
directory traversal
file write
unauthenticated
post request
views.py
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
18.0%
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.
Related
cvelist
cvelist
CVE-2023-52289
2024-01-13 00:00:00
osv
osv
Path traversal in flaskcode
2024-01-13 06:30:26
github
github
Path traversal in flaskcode
2024-01-13 06:30:26
prion
prion
Directory traversal
2024-01-13 04:15:00
nvd
nvd
CVE-2023-52289
2024-01-13 04:15:08
cve
cve
CVE-2023-52289
2024-01-13 04:15:08
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
18.0%
Related for OSV:CVE-2023-52289