2043 matches found
CVE-2022-31542
The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31541
The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31540
CVE-2022-31540 affects the kumardeepak/hin-eng-preprocessing repository, wherein an unsafe use of Flask’s send_file through 2019-07-16 enables absolute path traversal. The issue is documented across multiple sources (NVD, Red Hat, CVE lists) with CVSS metrics indicating a high impact on confident...
CVE-2022-31540
The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31539
The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31539
The CVE-2022-31539 entry applies to the kotekan/kotekan repository up to version 2021.11 on GitHub, where Flask’s send_file is used unsafely. This creates an absolute path traversal vulnerability in file serving, according to Red Hat, NVD/NVD-derived records, OSV, CVE list, and related sources in...
CVE-2022-31538
CVE-2022-31538 affects the repository joaopedro-fg/mp-m08-interface (up to 2020-12-10 on GitHub). The underlying issue is an absolute path traversal caused by unsafe use of Flask’s send_file function. Multiple connected sources (Red Hat advisory, CVE listings, CNNVD/CVE records) confirm the same ...
CVE-2022-31538
The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31537
The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31537
The CVE-2022-31537 issue affects the Solar-system-simulator project by jmcginty15 (GitHub), with vulnerability described as absolute path traversal caused by an unsafe use of Flask’s send_file function in versions up to 2021-07-26. The Red Hat entry reiterates the same: unsafe send_file use enabl...
CVE-2022-31536
The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31536
CVE-2022-31536 affects the repository by jaygarza1982/ytdl-sync up to 2021-01-02, where an unsafe use of Flask’s send_file enables absolute path traversal. Documented impact includes partial confidentiality/partial availability (CVSS v3.1 base score 9.3; network attack, no privileges, no user int...
CVE-2022-31535
The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31535
CVE-2022-31535 affects the freefood89/Fishtank repository (up to 2015-06-24). The root cause is an unsafe use of Flask’s send_file, which fails to properly filter special elements in resource/file paths, enabling absolute path traversal. As described across multiple sources, this can allow an att...
CVE-2022-31534
The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31533
The CVE-2022-31533 entry concerns the decentraminds/umbral repository up to 2020-01-15, where an absolute path traversal vulnerability arises from an unsafe use of Flask’s send_file. The connected Red Hat CVE entry, NVD/NIST record, and CNNVD/CVE lists corroborate that the issue is tied to path t...
CVE-2022-31532
The dankolbman/travelblahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31532
CVE-2022-31532 describes an absolute path traversal in the project travel_blahg (repository by dankolbman) caused by unsafe usage of Flask’s send_file. Affected: the project up to 2016-01-16. Implication: unauthorized access to file paths may be possible via crafted requests. CVSS data from NVD i...
CVE-2022-31531
The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31531
The CVE-2022-31531 entry concerns the dainst/cilantro repository (GitHub) up to version 0.0.4. Root cause is unsafe use of Flask’s send_file, enabling absolute path traversal. Impacts are noted as partial confidentiality and partial availability (per CVSS), with no explicit exploitation details o...