Lucene search
K

6 matches found

Veracode
Veracode
added 2026/05/30 7:26 a.m.8 views

Path Traversal

compliance-trestle is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths, which allows an attacker to exploit path traversal and write arbitrary files to unintended locations on the filesystem...

5.9AI score0.0005EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/28 7:1 p.m.6 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview compliance-trestle is a Tools to manage & autogenerate python objects representing the OSCAL layers/models Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the rendertemplate method. An attacker can execute...

8.5CVSS5.9AI score0.00022EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/28 6:27 p.m.5 views

Server-side Request Forgery (SSRF)

Overview compliance-trestle is a Tools to manage & autogenerate python objects representing the OSCAL layers/models Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the HTTPSFetcher.dofetch function. A user can access internal services or cloud metadata...

7.1CVSS5.4AI score0.00012EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/27 10:57 p.m.18 views

compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal

Summary The compliance-trestle library's remote fetching cache mechanism HTTPSFetcher and SFTPFetcher constructs the local cache file path from the URL path component without sanitizing path traversal sequences ../. When a remote OSCAL profile references a URL with traversal in its path, the HTTP...

6.4AI score0.00047EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/27 10:57 p.m.7 views

Directory Traversal

Overview compliance-trestle is a Tools to manage & autogenerate python objects representing the OSCAL layers/models Affected versions of this package are vulnerable to Directory Traversal through remote cache fetching. An attacker can write arbitrary files to locations outside the intended cache...

8.8CVSS6.3AI score0.00047EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/07/25 11:15 p.m.7 views

animalia (>=0.0.27 <=0.0.28), appyratus (>=3.0.3 <=3.0.4) +35 more potentially affected by CVE-2022-34749 via mistune (>=2.0.0a4 <=2.0.2)

mistune PYPI version =2.0.0a4, =0.0.27, =3.0.3, =0.1.0, =0.11.0, =0.20.7, =0.0.5, =0.0.13, =1.0.18, =0.0.1, =0.1.3 - datapackage-pipelines-spss =0.0.2a0 - embryo =3.0.1 and more Source cves: CVE-2022-34749 Source advisory: OSV:PYSEC-2022-237...

7.5CVSS6.8AI score0.01215EPSS
Exploits0
Rows per page
Query Builder