CVE-2022-31557
CVE-2022-31557 involves the seveas/golem repository (up to 2016-05-17) where an unsafe use of Flask’s send_file enables absolute path traversal. The issue is documented across multiple sources, indicating a path traversal flaw in that code path. The CVSS data (2.0/3.1) suggests confidentiality im...
CVE-2022-31556
The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31556
The CVE-2022-31556 entry concerns the rusyasoft/TrainEnergyServer repository (up to 2017-08-03). Affected component: Flask’s send_file usage, which is described as unsafe. Root cause: improper handling in send_file leads to absolute path traversal. Impact stated across sources: potential exposure...
CVE-2022-31555
The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31555
CVE-2022-31555 affects the romain20100/nursequest repo up to 2018-02-22, where absolute path traversal can occur due to unsafe use of Flask send_file. The NVD entry lists CVSS v2 base score 6.4 (Partial impact on confidentiality/availability) and CVSS v3.1 base score 9.3 (High confidentiality imp...
CVE-2022-31554
CVE-2022-31554 affects the rohitnayak/movie-review-sentiment-analysis repository on GitHub, up to 2017-05-07. The underlying issue is an unsafe use of Flask’s send_file function, enabling absolute path traversal. CVSS data available in the connected records indicate: CVSS v3.1 base score 9.3 (CRI...
CVE-2022-31553
CVE-2022-31553 affects the rainsoupah/sleep-learner repository (up to 2021-02-21). The vulnerability is caused by unsafe use of Flask's send_file, enabling absolute path traversal. NVD lists CVSSv2 base 6.4 (MEDIUM) and CVSSv3.1 base 9.3 (CRITICAL); impact includes partial confidentiality and ava...
CVE-2022-31553
The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31552
The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31552
The CVE-2022-31552 entry relates to the project-anuvaad/anuvaad-corpus repository, which up to 2020-11-23 allows absolute path traversal due to unsafe usage of Flask send_file. Multiple connected sources (Red Hat, CNVD, CVE databases, PRION, etc.) describe the vulnerability as a path tr...
CVE-2022-31551
The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31551
The CVE-2022-31551 entry covers the pleomax00/flask-mongo-skel repository up to 2012-11-01 where absolute path traversal is possible due to unsafe use of Flask’s send_file. The root cause is the failure to properly filter resource/file paths in send_file, enabling access to arbitrary files/direct...
CVE-2022-31550
The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31550
The CVE-2022-31550 entry concerns the olmax99/pyathenastack repository (up to 2019-11-08) where absolute path traversal can be triggered by an unsafe use of Flask’s send_file function. Multiple sources (NVD, Red Hat, PRION/CVE aggregators, CVE lists, CNNVD) corroborate that the vulnerability aris...
CVE-2022-31549
CVE-2022-31549 affects the olmax99/helm-flask-celery repository prior to 2022-05-25. The vulnerability is an absolute path traversal caused by unsafe use of Flask’s send_file, enabling access to unintended files. Multiple sources (NVD, Red Hat advisory, OSV, CVE listings) corroborate the issue. T...
CVE-2022-31549
The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31548
CVE-2022-31548 affects the nrlakin/homepage repository up to 2017-03-06. The root cause is unsafe use of Flask’s send_file, enabling absolute path traversal. This leads to potential unauthorized access to files outside the intended directory, as described across Red Hat and CVE/NVD records. Publi...
CVE-2022-31548
The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31547
The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31547
The CVE-2022-31547 entry concerns the noamezekiel/sphere repository (up to 2020-05-31) where Flask’s send_file is used unsafely, enabling absolute path traversal. Red Hat and other feeds corroborate the flaw in sphere, with vulnerability described as an absolute path traversal due to unsafe send_...