2050 matches found
CVE-2022-31568
The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31568
The CVE-2022-31568 entry concerns the Rexians/rex-web project, where absolute path traversal is possible due to unsafe use of Flask send_file. This is confirmed across sources (NVD, Red Hat, CVE List, CNNVD) with descriptions indicating the vulnerability stems from improper handling of file paths...
CVE-2022-31567
The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31567
CVE-2022-31567 affects the DSABenchmark/DSAB repository (versions up to 2.1). The root cause is unsafe use of Flask send_file, enabling absolute path traversal. Documented impact indicates potential partial confidentiality and low- to high-impact conditions (per CVSS metrics: CVSSv2 base score 6....
CVE-2022-31566
The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31566
CVE-2022-31566 : The DSAB-local/DSAB repository (up to 2019-02-18) suffers an absolute path traversal due to unsafe usage of Flask send_file, enabling access to arbitrary files on the file system. The vulnerability is reflected across multiple feeds (NVD, Red Hat, CNVD, CVE lists) with impact des...
CVE-2022-31565
The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31565
CVE-2022-31565 concerns absolute path traversal in the yogson/syrabond repository (up to 2020-05-25) caused by unsafe use of Flask’s send_file. Red Hat, NVD and CVE records corroborate the same issue across multiple feeds. The vulnerability stems from how send_file is invoked, enabling an attacke...
CVE-2022-31564
The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31564
The CVE-2022-31564 entries affect the woduq1414/munhak-moa repository (before 2022-05-03) where unsafe usage of Flask’s send_file enables absolute path traversal. The vulnerability arises from how file paths are processed, potentially allowing access to arbitrary files. Public references confirm ...
CVE-2022-31563
The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31563
CVE-2022-31563 affects the whmacmac/vprj repository (up to 2022-04-06). It is due to an unsafe use of Flask send_file, enabling absolute path traversal. NVD/V3.1 metrics indicate a high-severity impact with confidentiality loss (C:H) and a base score of 9.3, network attack vector, no privileges r...
CVE-2022-31562
The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31562
The CVE-2022-31562 entry is linked to the waveyan/internshipsystem repository prior to 2018-05-22, where an unsafe use of Flask’s send_file enables absolute path traversal. Documented details specify that the vulnerability stems from how send_file is called, allowing traversal of the host filesys...
CVE-2022-31561
CVE-2022-31561 affects the Sphere_ImageBackend project (varijkapil13) and is due to unsafe use of Flask’s send_file, enabling absolute path traversal. Reported for versions up to 2019-10-03. This vulnerability can allow unauthorized access to files outside the intended directory. Documented CVSS ...
CVE-2022-31561
The varijkapil13/SphereImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31560
The uncleYiba/phototag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31559
CVE-2022-31559 affects the tsileo/flask-yeoman repository (up to 2013-09-13). The vulnerability arises from unsafe use of Flask's send_file function, enabling absolute path traversal. Public details describe a path-traversal flaw that could impact confidentiality and availability (per CVSS metric...
CVE-2022-31559
The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31558
The tooxie/shiva-server project (GitHub) up to version 0.10.0 is affected by an absolute path traversal due to unsafe use of Flask’s send_file. This is corroborated by multiple sources (NVD, Red Hat, GHSA advisory, OSV, CVE CVE lists). Impact: potential unauthorized access to files via network ac...