26 matches found

Snyk
added 2026/05/04 9:16 p.m. · 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the currentDirectory parameter in the media upload process. An attacker can achieve arbitrary code execution and full server compromise by uploading a crafted file containing executable code to a location outside...

CVSS 8.8 · AI score 6.3 · EPSS 0.00433
Exploits: 1 · References: 2
RedhatCVE
added 2026/01/09 10:33 a.m. · 6 views

CVE-2017-18874

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal...

CVSS 6.5 · AI score 6.8 · EPSS 0.0049
Exploits: 0 · References: 1
OSV
added 2025/12/08 9:31 p.m. · 2 views

GO-2025-4187 Mattermost Server is vulnerable to Path Traversal when files are stored locally in github.com/mattermost/mattermost-server

Mattermost Server is vulnerable to Path Traversal when files are stored locally in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positi...

CVSS 4.9 · AI score 6.6 · EPSS 0.00187
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-12224

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.4 · EPSS 0.00347
Exploits: 0 · References: 5
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-26598

Malicious code in bioql PyPI...

CVSS 6.8 · AI score 6.6 · EPSS 0.00077
Exploits: 0 · References: 3
OSV
added 2025/09/15 8:0 p.m. · 3 views

GHSA-99PG-HQVX-R4GF Flowise has an Arbitrary File Read

Summary: An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...

CVSS 9.1 · AI score 6.9
Exploits: 0 · References: 2
Vulnrichment
added 2025/09/03 3:20 a.m. · 3 views

CVE-2025-58351 Outline's Local File Storage Feature can Cause CSP Bypass

Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optional file storage strategy. This feature allowed a CSP bypass as well as a ContentType bypass that...

CVSS 6.8 · AI score 6.2 · EPSS 0.00077
Exploits: 0 · References: 3
CVE
added 2025/04/22 5:32 p.m. · 56 views

CVE-2025-32952

CVE-2025-32952 affects Jmix local file storage (io.jmix.localfs:jmix-localfs) across Jmix 1.x and 2.x releases: versions 1.0.0–1.6.1 and 2.0.0–2.3.4 fail to enforce file size limits on uploads, enabling an attacker to upload excessively large files and potentially exhaust server disk space, c...

CVSS 6.5 · AI score 6.3 · EPSS 0.00347
Exploits: 0 · References: 9 · Affected Software: 4
Cvelist
added 2025/04/22 5:32 p.m. · 15 views

CVE-2025-32952 io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

CVSS 6.5 · EPSS 0.00347
Exploits: 0 · References: 9
Vulnrichment
added 2025/04/22 5:32 p.m. · 3 views

CVE-2025-32952 io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

CVSS 6.5 · AI score 6.9 · EPSS 0.00347
Exploits: 0 · References: 9
Vulnrichment
added 2025/04/22 5:14 p.m. · 2 views

CVE-2025-32950 io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...

CVSS 6.5 · AI score 7 · EPSS 0.00536
Exploits: 0 · References: 9
CVE
added 2025/04/22 5:14 p.m. · 55 views

CVE-2025-32950

Summary (CVE-2025-32950): Jmix (v1.0.0–v1.6.1 and v2.0.0–v2.3.4) is vulnerable to path traversal via the FileRef parameter. An attacker could read arbitrary files on the host if the application server has sufficient permissions, by modifying FileRef in the database or by supplying a crafted value...

CVSS 6.5 · AI score 6.3 · EPSS 0.00536
Exploits: 0 · References: 9 · Affected Software: 1
Cvelist
added 2025/04/22 5:14 p.m. · 12 views

CVE-2025-32950 io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...

CVSS 6.5 · EPSS 0.00536
Exploits: 0 · References: 9
Github Security Blog
added 2025/04/22 4:55 p.m. · 9 views

io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Impact: The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. The severity of the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00347
Exploits: 0 · References: 11 · Affected Software: 1
OSV
added 2025/04/22 4:55 p.m. · 5 views

GHSA-F3GV-CWWH-758M io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Impact: The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. The severity of the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00347
Exploits: 0 · References: 11
OSV
added 2025/04/22 4:50 p.m. · 6 views

GHSA-JX4G-3XQM-62VH io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Impact: Attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the FileRef directly in the database or by supplying a harmful...

CVSS 6.5 · AI score 6.6 · EPSS 0.00536
Exploits: 0 · References: 11
Github Security Blog
added 2025/04/22 4:50 p.m. · 14 views

io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Impact: Attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the FileRef directly in the database or by supplying a harmful...

CVSS 6.5 · AI score 6.6 · EPSS 0.00536
Exploits: 0 · References: 11 · Affected Software: 1
Positive Technologies
added 2025/04/22 12:0 a.m. · 3 views

PT-2025-17575 · Unknown · Cuba Platform

Name of the Vulnerable Software and Affected Versions: CUBA Platform versions prior to 7.2.23 Description: The local file storage implementation in CUBA Platform does not restrict the size of uploaded files, allowing an attacker to upload excessively large files. This could cause the server to ru...

CVSS 6.5 · AI score 6 · EPSS 0.00347
Exploits: 0 · References: 23
Positive Technologies
added 2025/04/22 12:0 a.m. · 3 views

PT-2025-17574

Name of the Vulnerable Software and Affected Versions: Jmix versions 1.0.0 through 1.6.1; Jmix versions 2.0.0 through 2.3.4 Description: The local file storage implementation in Jmix does not restrict the size of uploaded files, allowing an attacker to upload excessively large files and potentially...

CVSS 6.8 · AI score 6.5 · EPSS 0.00347
Exploits: 0 · References: 20
Github Security Blog
added 2022/05/24 5:21 p.m. · 5 views

Mattermost Server does not prevent System Admin from arbitrary file creation

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files...

CVSS 4.9 · AI score 6.9 · EPSS 0.00132
Exploits: 0 · References: 6 · Affected Software: 1