2050 matches found
CVE-2022-31535
CVE-2022-31535 affects the freefood89/Fishtank repository (up to 2015-06-24). The root cause is an unsafe use of Flask’s send_file, which fails to properly filter special elements in resource/file paths, enabling absolute path traversal. As described across multiple sources, this can allow an att...
CVE-2022-31534
The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31533
The CVE-2022-31533 entry concerns the decentraminds/umbral repository up to 2020-01-15, where an absolute path traversal vulnerability arises from an unsafe use of Flask’s send_file. The connected Red Hat CVE entry, NVD/NIST record, and CNNVD/CVE lists corroborate that the issue is tied to path t...
CVE-2022-31532
The dankolbman/travel_blahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31532
CVE-2022-31532 describes an absolute path traversal in the project travel_blahg (repository by dankolbman) caused by unsafe usage of Flask’s send_file. Affected: the project up to 2016-01-16. Implication: unauthorized access to file paths may be possible via crafted requests. CVSS data from NVD i...
CVE-2022-31531
The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31531
The CVE-2022-31531 entry concerns the dainst/cilantro repository (GitHub) up to version 0.0.4. Root cause is unsafe use of Flask’s send_file, enabling absolute path traversal. Impacts are noted as partial confidentiality and partial availability (per CVSS), with no explicit exploitation details o...
CVE-2022-31530
The CVE-2022-31530 issue affects the csm-aut/csm repository up to version 3.5. Root cause: unsafe use of Flask’s send_file function, which allows absolute path traversal. Impact: an attacker could access arbitrary files/directories on the file system. The Red Hat, ENISA, CNVD, CVE databases corro...
CVE-2022-31530
The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31529
The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31529
CVE-2022-31529 affects the cinemaproject/monorepo (up to 2021-03-03). The issue is an absolute path traversal caused by unsafe use of Flask send_file, as described across multiple sources. CVSS data from NVD indicates a Network attack with high impact to confidentiality and low to availability, w...
CVE-2022-31528
The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31528
The CVE-2022-31528 entry concerns the bonn-activity-maps/bam_annotation_tool repository. Concrete details from connected sources show a path traversal vulnerability caused by unsafe handling of file paths in Flask’s send_file function, affecting versions up to 2021-08-31. The issue enables an att...
CVE-2022-31527
The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31527
The CVE-2022-31527 issue affects the Wildog/flask-file-server project up to 2020-02-20, where unsafe use of Flask's send_file allows absolute path traversal. This can enable an attacker to view arbitrary files or directories on the host. Public sources assign CVSS scores (e.g., 6.4/3.1 9.3), but ...
CVE-2022-31526
The CVE-2022-31526 entry concerns the ThundeRatz/ThunderDocs repository up to 2020-05-01, where an unsafe use of Flask send_file enables absolute path traversal. The vulnerability arises from improper handling of file paths, allowing a potential attacker to access files outside the intended direc...
CVE-2022-31526
The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31525
The CVE-2022-31525 issue affects the SummaLabs/DLS repository up to version 0.1.0, where an unsafe use of Flask’s send_file enables absolute path traversal. The available connected sources consistently describe this vulnerability class and attribute the flaw to improper handling of file serving, ...
CVE-2022-31525
The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31524
CVE-2022-31524 affects the PureStorage-OpenConnect/swagger repository up to version 1.1.5. The root cause is the unsafe use of Flask’s send_file, enabling absolute path traversal. Public references (including Red Hat) confirm the same description. The provided documents do not specify an official...