Path traversal

2022-07-1101:15:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.1%

The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CPENameOperatorVersion
usap-dc_web_submission_and_dataset_searchle1.0.1

CPE	Name	Operator	Version
	usap-dc_web_submission_and_dataset_search	le	1.0.1

References

github.com/github/securitylab/issues/669