2050 matches found
Path traversal
The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Path traversal
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Path traversal
The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Path traversal
The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Path traversal
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Path traversal
The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Path traversal
The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Path traversal
The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
PYSEC-2022-225
The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31588
The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31588
CVE-2022-31588 describes an absolute path traversal flaw in the zippies/testplatform repository (pre-2016-07-19) caused by unsafe use of Flask’s send_file function. The vulnerability arises from how file paths are handled, enabling an attacker to access arbitrary files on the server. Public refer...
CVE-2022-31587
The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31587
CVE-2022-31587 affects the yuriyouzhou/KG-fashion-chatbot repository (up to 2018-05-22). The issue is an absolute path traversal caused by unsafe use of Flask’s send_file, enabling access to unintended files. CVSS data in the provided sources indicate a high impact on confidentiality and a signif...
CVE-2022-31586
The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31586
CVE-2022-31586 affects the unizar-30226-2019-06/ChangePop-Back repository. The root cause is unsafe handling of Flask’s send_file, enabling absolute path traversal through 2019-06-04 and earlier code. Connected docs (Red Hat, NVD/CVE pages, CVE lists, CNNVD) corroborate the vulnerability descript...
CVE-2022-31585
CVE-2022-31585 concerns the umeshpatil-dev/Home__internet repository (through 2020-08-28) where absolute path traversal is possible due to unsafe usage of Flask's send_file. Connected feeds (Red Hat, NVD, CVE lists, CNNVD, PRION, etc.) reiterate the issue as an absolute path traversal vulnerabili...
CVE-2022-31584
The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31584
The CVE-2022-31584 entry concerns the stonethree/s3label repository (GitHub) up to 2019-08-14, where absolute path traversal is possible due to unsafe use of Flask’s send_file. Connected sources corroborate it as a path traversal vulnerability in the file-serving logic, with no explicit remediati...
CVE-2022-31583
The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31583
The CVE-2022-31583 entry documents a path-traversal vulnerability in the sravaniboinepelli/AutomatedQuizEval repository (through 2020-04-27). The root cause is unsafe use of Flask’s send_file, which allows absolute path traversal and potential access to arbitrary files/directories on the file sys...