CVE-2022-31508
The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31507
CVE-2022-31507 affects the ganga-devs/ganga repository prior to 8.5.10. The vulnerability is an absolute path traversal caused by unsafe use of Flask send_file, enabling access to unintended files via absolute paths. Documentation from Red Hat, GHSA, OSV, and Veracode-affiliated entries consisten...
CVE-2022-31507
The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31506
The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31506
The CVE-2022-31506 entry concerns the cmusatyalab/opendiamond repository up to version 10.1.1, where an unsafe use of Flask's send_file enables absolute path traversal. The underlying issue is improper sanitization/validation when serving files, allowing an attacker to access arbitrary files on t...
CVE-2022-31505
The CVE-2022-31505 entry covers a path traversal vulnerability in the open-source repository cheo0/MercadoEnLineaBack, present through 2022-05-04. Affected component: the server-side Flask application’s use of send_file, which is described as unsafe and leads to absolute path traversal. This coul...
CVE-2022-31505
The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31504
CVE-2022-31504 concerns the ChangeWeDer/BaiduWenkuSpider_flaskWeb repository, with a path traversal vulnerability caused by using Flask’s send_file unsafely. The issue exists in versions prior to 2021-11-29 and can enable an attacker to perform absolute path traversal to view arbitrary files on t...
CVE-2022-31503
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31503
The CVE affects the orchest/orchest repository prior to version 2022.05.0, where absolute path traversal is possible due to unsafe use of Flask’s send_file function. Impact: potential exposure of filesystem paths. A fix is available in 2022.05.0 or later; upgrade to that release to remediate.
CVE-2022-31502
The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31502
CVE-2022-31502 is a path-traversal vulnerability in the operatorequals/wormnest repository up to version 0.4.7, caused by unsafe use of Flask send_file that enables absolute path traversal. The issue is documented across multiple sources (NVD, Red Hat, OSV etc.), with the core detail that an atta...
CVE-2022-31501
The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31501
The CVE-2022-31501 entry concerns the ChaoticOnyx/OnyxForum repository prior to 2022-05-04, where absolute path traversal is possible due to unsafe use of Flask’s send_file. Affected component: OnyxForum’s server-side file delivery (Flask). Root cause: improper handling in send_file usage enablin...
movie-review-sentiment-analysis path traversal vulnerability
movie-review-sentiment-analysis is used by Rohit Nayak, an individual developer, to perform sentiment analysis on IMDB movie reviews in order to categorize them as positive or negative reviews. A security vulnerability exists in movie-review-sentiment-analysis version 2017-05-07 and earlier, whic...
internshipsystem path traversal vulnerability
internshipsystem is a student internship system for schools by the individual developer wlwl. A security vulnerability exists in internshipsystem version 2018-05-22 and earlier, which stems from an incorrect call to Flask's send_file function resulting in absolute path traversal...
sleep-learner path traversal vulnerability
sleep-learner is a project by Yutong, an individual developer in Canada, that tries to play recordings while a person sleeps in order to convey a message. A security vulnerability exists in sleep-learner version 2021-02-21 and earlier, which stems from an incorrect call to Flask's send_file function that...
iasset path traversal vulnerability
iasset is a repository by Ralph Zhang, an individual developer. A security vulnerability exists in iasset version 2022-05-04 and earlier, which stems from an unsafe use of Flask's send_file function that allows absolute path traversal...
mp-m08-interface path traversal vulnerability
mp-m08-interface is a repository by João Pedro, an individual developer in Brazil. A security vulnerability exists in mp-m08-interface version 2020-12-10 and earlier, which stems from an incorrect call to Flask's send_file function that results in absolute path traversal...
VideoServer path traversal vulnerability
VideoServer is an open-source Python 3 UPnP/DLNA video server by shaolo1. A security vulnerability exists in VideoServer version 2019-09-21 and earlier, which stems from insecure use of Flask's send_file function that allows absolute path traversal...