CVE-2022-31501

The CVE-2022-31501 entry concerns the ChaoticOnyx/OnyxForum repository prior to 2022-05-04, where absolute path traversal is possible due to unsafe use of Flask’s send_file. Affected component: OnyxForum’s server-side file delivery (Flask). Root cause: improper handling in send_file usage enablin...

movie-review-sentiment-analysis 路径遍历漏洞

movie-review-sentiment-analysis is used by Rohit Nayak, an individual developer, to perform sentiment analysis on IMDB movie reviews in order to categorize them as positive or negative reviews. A security vulnerability exists in movie-review-sentiment-analysis version 2017-05-07 and earlier, whic...

internshipsystem 路径遍历漏洞

internshipsystem is a student internship system for schools by wlwl individual developers. A security vulnerability exists in internshipsystem version 2018-05-22 and prior versions, which stems from an incorrect call to Flask's sendfile function resulting in absolute path traversal...

sleep-learner 路径遍历漏洞

sleep-learner is a Canadian Yutong personal developer used to try to play recordings while a person sleeps in order to convey a message. A security vulnerability exists in sleep-learner version 2021-02-21 and earlier versions, which stems from an incorrect call to Flask's sendfile function that...

iasset 路径遍历漏洞

iasset is a repository by Ralph Zhang, a personal developer. iasset has a security vulnerability in version 2022-05-04 and earlier that stems from an unsafe use of Flask's sendfile function that allows absolute path traversal...

mp-m08-interface 路径遍历漏洞

mp-m08-interface is a repository by the individual developer João Pedro in Brazil. A security vulnerability exists in mp-m08-interface version 2020-12-10 and earlier, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...

VideoServer 路径遍历漏洞

VideoServer is a python3 UPnP/DLNA video server open source by shaolo1. VideoServer in 2019-09-21 and previous versions of a security vulnerability , the vulnerability stems from Flask's sendfile function is used insecurely to allow absolute path traversal...

flask-mvc 路径遍历漏洞

flask-mvc is a repository by the individual developer Candra Nur Ihsan. A security vulnerability exists in flask-mvc version 2020-09-14 and earlier versions, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...

cilantro 路径遍历漏洞

cilantro is an open source task runner from Deutsches Archäologisches Institut in Germany. Designed to manage long running distributed jobs that operate on file system objects . cilantro version 0.0.4 and earlier versions of a security vulnerability , the vulnerability stems from Flask's sendfile...

Krypton 路径遍历漏洞

Krypton is a KryptoCurrency data relay service by Bolun Han Personal Developer. A security vulnerability exists in Krypton version 2021-06-03 and earlier, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...

TrainEnergyServer 路径遍历漏洞

TrainEnergyServer is a train energy server by an individual developer in Rustam, South Korea. A security vulnerability exists in GitHub's rusyasoft/TrainEnergyServer project version 2017-08-03 and earlier, which stems from an incorrect call to Flask's sendfile function resulting in absolute path...

kotekan 路径遍历漏洞

kotekan is a high performance radio data processing pipeline from kotekan open source. A security vulnerability exists in kotekan version 2021.11 and earlier versions, which stems from an incorrect call to Flask's sendfile function resulting in absolute path traversal...

sphere 路径遍历漏洞

sphere is a Python library that implements the Brain Command Interface System by the individual developer Noam Ezekiel. A security vulnerability exists in sphere version 2020-05-31 and earlier, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...

photo_tag 路径遍历漏洞

phototag is a photo tagging tool by the individual developer of Boring YiBa. A security vulnerability exists in phototag version 2020-08-31 and earlier versions, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...

OpenMF 路径遍历漏洞

OpenMF is an open source mobile forensic investigation tool for the Android platform open sourced by SCoRe Lab. OpenMF has a security vulnerability in version 2022-05-03 and earlier that stems from an unsafe use of Flask's sendfile function that allows absolute path traversal...

ThunderDocs 路径遍历漏洞

ThunderDocs is an open source tool from the ThundeRatz Robotics Team. Google Docs permissions can be accessed on the desktop to easily view, create, upload and download documents. ThunderDocs version 2020-05-01 and earlier versions have a security vulnerability that stems from an incorrect call t...

umbral 路径遍历漏洞

umbral is a NuCypher API open-sourced by decentraminds.ai for applying proxy re-encryption on decentralized marketplaces. A security vulnerability exists in umbral version 2020-01-15 and earlier, which stems from an incorrect call to Flask's sendfile function resulting in absolute path traversal...

syrabond 路径遍历漏洞

syrabond is an MQTT-based smart home system. A security vulnerability exists in syrabond version 2020-05-25 and earlier, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...

munhak-moa 路径遍历漏洞

munhak-moa is a literary platform for woduq1414 individual developers. A security vulnerability exists in munhak-moa, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...

Sphere_ImageBackend 路径遍历漏洞

SphereImageBackend is an image processing repository by the individual developer Varij Kapil in Germany. A security vulnerability exists in SphereImageBackend version 2019-10-03 and earlier, which stems from an incorrect call to Flask's sendfile function leading to absolute path traversal...