CVE-2022-31581
The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31580
The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31580
CVE-2022-31580 applies to the caretakerr-api Flask API (Sanoj Tharindu) and is caused by unsafe usage of Flask’s send_file, enabling absolute path traversal. Builds of caretakerr-api as of 2021-05-17 and earlier are affected; the vulnerability allows an attacker to access arbitrary files on ...
CVE-2022-31579
The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31578
The CVE-2022-31578 issue affects the piaoyunsoft/bt_lnmp repository (GitHub) where unsafe use of Flask send_file enables absolute path traversal. The root cause is improper filtering of path elements, allowing an attacker to access arbitrary files and directories on the host filesystem. Affected ...
CVE-2022-31578
The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31577
The CVE-2022-31577 entry concerns an absolute path traversal in the longmaoteamtf/audio_aligner_app repository (up to 2020-01-10). The vulnerability arises from unsafe use of Flask’s send_file, which can fail to filter resources or file paths, allowing attackers to access arbitrary files and dire...
CVE-2022-31577
The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31576
CVE-2022-31576 involves the shackerpanel repository. The issue is an absolute path traversal flaw caused by unsafe use of Flask’s send_file function, affecting the project through 2021-05-25. The Red Hat, NVD, CVE listing and related records reiterate the same description. Impact is described as ...
CVE-2022-31576
The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31575
The CVE-2022-31575 entry concerns the duducosmos/livro_python repository (through 2018-06-06). The vulnerability is an absolute path traversal caused by unsafe use of Flask send_file. Impact is described by NVD CVSS metrics: CVSS v3.1 base score 9.3 (CRITICAL) with network attack vector, no privi...
CVE-2022-31575
The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31574
The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31574
CVE-2022-31574 affects the repository deepaliupadhyay/RealEstate (through 2018-11-30 on GitHub). The vulnerability is a path traversal due to the unsafe use of Flask’s send_file function, enabling improper access to files outside the intended directory. Multiple connected sources (NVD, Red Hat, P...
CVE-2022-31572
The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31572
CVE-2022-31572 affects the ceee-vip/cockybook repository (through 2015-04-16) where absolute path traversal is possible due to unsafe use of Flask send_file. The issue is described as an insecure file access route that can expose files outside the intended directory. CVSS metrics in the initial r...
CVE-2022-31571
The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31571
The CVE-2022-31571 entry concerns the akashtalole/python-flask-restful-api repository (GitHub) where an absolute path traversal is possible due to unsafe use of Flask send_file. This vulnerability is documented across multiple sources (NVD, Red Hat, CVE List, PRION, CNVD, etc.), with the core iss...
CVE-2022-31570
CVE-2022-31570 affects the adriankoczuruek/ceneo-web-scrapper repository; the vulnerability arises from unsafe use of Flask’s send_file, enabling absolute path traversal. This could allow access to arbitrary files/directories on the filesystem. Connected Red Hat and CNVD entries corroborate the p...
CVE-2022-31570
The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...