4 matches found
CVE-2026-42564
jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/filename. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside...
CVE-2026-42564 jotty·page: Unauthenticated Path Traversal leads to sensitive file disclosure and session-token reuse impact
jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/filename. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside...
CVE-2026-42564
CVE-2026-42564 affects jotty.page (self-hosted notes/checklists app). Before version 1.22.0, there is an unauthenticated path traversal in the /api/app-icons/[filename] endpoint: the filename parameter is directly joined into a filesystem path without traversal/boundary validation, allowing reads...
jotty·page 路径遍历漏洞
Jotty·Page is a self-hosted inventory and note management application developed by fccview. Versions of Jotty·Page prior to 1.22.0 contained a path traversal vulnerability. This vulnerability stems from unauthorized path traversal in the /api/appIcons/filename route, which could lead to file...