16 matches found
Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection (CVE-2026-27641)
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...
CVE-2026-27641
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...
EUVD-2026-8616
Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection
Impact: A critical path traversal and extension bypass vulnerability in Flask-Reuploaded allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Patches: Flask-Reuploaded has been patched in version 1.5.0. Workarounds: 1. Do not...
coati-payroll (>=1.0.1 <=1.10.0), now-lms (>=1.0.3 <=1.2.3) +1 more potentially affected by CVE-2026-27641 via flask-reuploaded (>=1.2.0 <=1.4.0)
flask-reuploaded PYPI version =1.2.0, =1.0.1, =1.0.3, =4.6.1, =5.0.0 Source cves: CVE-2026-27641 Source advisory: OSV:GHSA-65MP-FQ8V-56JR...
GHSA-65MP-FQ8V-56JR Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection
Impact: A critical path traversal and extension bypass vulnerability in Flask-Reuploaded allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Patches: Flask-Reuploaded has been patched in version 1.5.0. Workarounds: 1. Do not...
Improper Neutralization of Special Elements Used in a Template Engine
Overview: Flask-Reuploaded provides flexible and efficient upload handling for Flask. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the name parameter. An attacker can write arbitrary files and execute code on the server by...
coati-payroll (>=1.0.1 <=1.10.0), now-lms (>=1.0.3 <=1.2.3) +1 more potentially affected by CVE-2026-27641 via flask-reuploaded (>=1.2.0 <=1.4.0)
flask-reuploaded PYPI version =1.2.0, =1.0.1, =1.0.3, =4.6.1, =5.0.0 Source cves: CVE-2026-27641 Source advisory: SNYK:PYTHON-FLASKREUPLOADED-15363340...
CVE-2026-27641
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...
CVE-2026-27641
CVE-2026-27641 affects the Flask-Reuploaded package used with Flask. The vulnerability is a critical path traversal and extension bypass in versions prior to 1.5.0, enabling remote attackers to perform arbitrary file writes and remote code execution via Server-Side Template Injection (SSTI). The ...
CVE-2026-27641 Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...
CVE-2026-27641
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...
CVE-2026-27641 Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...
CVE-2026-27641 Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...
flask-reuploaded security vulnerability
Flask-Reuploaded is a file upload service software developed by Jürgen Gmach. Versions of Flask-Reuploaded prior to 1.5.0 contain security vulnerabilities caused by path traversal and extension bypass. These vulnerabilities could lead to arbitrary file writing and remo...
PT-2026-21857
Name of the Vulnerable Software and Affected Versions: Flask-Reuploaded versions prior to 1.5.0. Description: Flask-Reuploaded, a file upload package for Flask, contains a path traversal and extension bypass flaw. This allows remote attackers to perform arbitrary file writes and achieve remote code...