111 matches found
CVE-2024-36427
The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – June) allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal when routing requests to a backend using a PathPrefix, Path, or PathRegex matcher. An attacker can bypass the middleware chain to access backend services by including traversal sequences like /../ in a request. Detai...
OESA-2025-1299 rubygem-rack security update
Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...
GHSA-W7F9-WQC4-3WXR Mockoon has a Path Traversal and LFI in the static file serving endpoint
Summary A mock API configuration for static file serving that follows the same approach presented in the documentation page, where the server filename is generated via templating features from user input, is vulnerable to Path Traversal and LFI, allowing an attacker to get any file in the mock server...
PT-2025-37089
Name of the Vulnerable Software and Affected Versions: Mockoon versions prior to 9.2.0 Description: Mockoon is a tool used to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving generates the server filename from user input, which is vulnerable to Pa...
GO-2024-3293 Full access to the host's OS file system using osfs.FS with Router.Static in goyave.dev/goyave/v5
Static file serving using router.Static and osfs.FS allows clients to access any file on the host file system using relative paths because the requested path is not sanitized and . and .. segments are accepted. The files will be returned as a response, provided the system user running the Go...
CVE-2024-45601 Local file Inclusion via static file serving functionality in Mesop
Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validatio...
Mesop has a local file Inclusion via static file serving functionality
A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files...
CVE-2024-36427
CVE-2024-36427 affects TARGIT Decision Suite prior to 24.06.19002. The file-serving function allows an authenticated attacker to read or write server files via a crafted file request, with potential code execution through a .xview file. Red Hat and other sources corroborate the same description. ...
GHSA-83PV-QR33-2VCF Litestar and Starlite vulnerable to Path Traversal
Summary Local File Inclusion via Path Traversal in LiteStar Static File Serving A Local File Inclusion LFI vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to...
PT-2024-25030 · Litestar
Name of the Vulnerable Software and Affected Versions: Litestar versions prior to 2.8.3 Litestar versions prior to 2.7.2 Litestar versions prior to 2.6.4 Description: A Local File Inclusion LFI vulnerability has been discovered in the static file serving component of Litestar, allowing attackers ...
BIT-MOODLE-2023-5548 Moodle: cache poisoning risk with endpoint revision numbers
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection...
AZL-44319 CVE-2024-23334 affecting package python-aiohttp 3.6.2-3
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symboli...
Cache Poisoning
moodle/moodle is vulnerable to Cache Poisoning. The vulnerability exists because the library does not impose any restrictions on the minimum value for a revision. If the revision is either too old or too new, the file content is cached without undergoing any validation through the file serving...
GHSA-CWH2-Q44X-5W3C Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection...