2043 matches found
CVE-2022-31520
CVE-2022-31520 affects the Luxas98/logstash-management-api repo (up to 2020-05-04). The vulnerability arises from unsafe use of Flask’s send_file, enabling absolute path traversal. This impact is described as partial confidentiality and partial availability (per CVSS metrics). There are no explic...
CVE-2022-31519
The CVE-2022-31519 entry concerns the WindMill project by Lukasavicus (up to version 1.0 and earlier) where an unsafe use of Flask’s send_file enables absolute path traversal. Affected component: Flask-based file delivery in WindMill, leading to potential access to arbitrary files via path traver...
CVE-2022-31519
The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31518
The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31518
The CVE-2022-31518 entry concerns the JustAnotherSoftwareDeveloper/Python-Recipe-Database repository. A path traversal flaw exists through 2021-03-31 caused by using Flask’s send_file unsafely. This leads to an absolute path traversal vulnerability in the application, enabling access to files out...
CVE-2022-31517
The CVE-2022-31517 entry concerns the HolgerGraef/MSM repository up to 2021-04-20. Affects the application/component that uses Flask's send_file, where unsafe usage enables absolute path traversal. The root cause is unsafe handling of file paths in send_file, leading to potential access of restri...
CVE-2022-31517
The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31516
Harveyzyh/Python repo (up to 2022-05-04) is vulnerable to absolute path traversal due to unsafe use of Flask send_file, enabling access to arbitrary files. The issue is caused by how send_file is used and is documented across multiple sources (notably Red Hat and NVD entries). The CVSS metrics in...
CVE-2022-31516
The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31514
CVE-2022-31514 affects the Caoyongqi912/Fan_Platform repository on GitHub up to 2021-04-20, where an absolute path traversal flaw exists due to unsafe use of Flask’s send_file. The vulnerability targets the backend of Fan_Platform, a UI automation platform, by failing to filter file paths, enabli...
CVE-2022-31514
The Caoyongqi912/FanPlatform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31513
The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31513
CVE-2022-31513 affects the BolunHan/Krypton project (GitHub) prior to 2021-06-03, where an unsafe use of Flask send_file enables absolute path traversal. The Red Hat and CVE records corroborate the same root cause: unsafely handled file paths allow traversal, potentially impacting confidentiality...
CVE-2022-31512
The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31512
CVE-2022-31512 affects the Atom02/flask-mvc repository up to 2020-09-14, where an unsafe use of Flask’s send_file enables absolute path traversal. This can allow a remote attacker to view arbitrary files or cause a denial of service. The vulnerability is confirmed across multiple sources (NVD, Re...
CVE-2022-31511
The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31511
CVE-2022-31511 affects the AFDudley/equanimity repository (up to 2014-04-23). The root cause is unsafe use of Flask’s send_file, enabling absolute path traversal. This could let an attacker access arbitrary files/directories on the file system. The connected documents do not specify a patched ver...
CVE-2022-31510
The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31510
The CVE-2022-31510 entry concerns the sergeKashkin/Simple-RAT repository (before 2022-05-03) where an unsafe use of Flask send_file enables absolute path traversal. The root cause is improper handling of file paths in the Flask call, leading to potential access to arbitrary files on the server. T...
CVE-2022-31509
The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...