3 matches found
CVE-2022-31505
The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31505
The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31505
The CVE-2022-31505 entry covers a path traversal vulnerability in the open-source repository cheo0/MercadoEnLineaBack, present through 2022-05-04. Affected component: the server-side Flask application’s use of send_file, which is described as unsafe and leads to absolute path traversal. This coul...