
9 matches found

RedhatCVE
added 2026/04/20 7:22 p.m. | 0 views

CVE-2026-40258

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

CVSS 9.1 | AI score 5.9 | EPSS 0.00074
Exploits: 0 | References: 1
NVD
added 2026/04/17 10:16 p.m. | 1 views

CVE-2026-40258

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

CVSS 9.1 | EPSS 0.00074
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/17 9:12 p.m. | 1 views

CVE-2026-40258

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

CVSS 9.1 | AI score 5.9 | EPSS 0.00074
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/04/17 9:12 p.m. | 21 views

CVE-2026-40258 Gramps Web API has Zip Slip Path Traversal in Media Archive Import

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

CVSS 9.1 | EPSS 0.00074
Exploits: 0 | References: 3
CVE
added 2026/04/17 9:12 p.m. | 3 views

CVE-2026-40258

CVE-2026-40258 affects Gramps Web API (gramps-webapi). Versions 1.6.0–3.11.0 contain a Zip Slip path traversal vulnerability in the media archive import feature. An authenticated user with owner-level privileges can craft a ZIP with directory-traversal filenames to write arbitrary files outside t...

CVSS 9.1 | AI score 5.9 | EPSS 0.00074
Exploits: 0 | References: 3
Snyk
added 2026/04/10 9:0 p.m. | 3 views

Directory Traversal

Overview: gramps-webapi is a RESTful web API for the Gramps genealogical database. Affected versions of this package are vulnerable to Directory Traversal via the MediaImporter.checkdiskspaceandextract function. An attacker can write arbitrary files outside the intended extraction directory by...

CVSS 9.1 | AI score 6.3 | EPSS 0.00074
Exploits: 0 | References: 2
Github Security Blog
added 2026/04/10 9:0 p.m. | 6 views

gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary: A path traversal vulnerability (Zip Slip) exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

CVSS 9.1 | AI score 5.9 | EPSS 0.00074
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/04/10 9:0 p.m. | 0 views

GHSA-M5GR-86J6-99JP gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary: A path traversal vulnerability (Zip Slip) exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

CVSS 9.1 | AI score 5.9 | EPSS 0.00074
Exploits: 0 | References: 5
OSV
added 2026/04/09 8:28 p.m. | 2 views

GHSA-9GJV-JVM7-VV2V Gramps Web API: Private Sub-Object Data in Non-Private Objects Exposed to Guest Users

Summary: Users with the Guest role could receive private sub-object data (e.g. private alternate names, private addresses, private note/citation/media handles) through list API endpoints such as GET /api/people/, GET /api/places/, GET /api/events/, and all other object list endpoints. This does not...

CVSS 6.9 | AI score 5.8
Exploits: 0 | References: 3