Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44307

A flaw was found in Mako, a Python template library. A remote attacker could exploit a directory traversal vulnerability by crafting a Uniform Resource Identifier URI with backslash traversal. This bypasses security checks, allowing the attacker to read files outside the intended template...

8.7CVSS5.3AI score0.00609EPSS
Exploits1References7
NVD
NVD
added 2026/05/12 10:16 p.m.23 views

CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS0.00609EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/12 9:53 p.m.8 views

CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/04/24 12:0 a.m.4 views

CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/23 6:52 p.m.13 views

EUVD-2026-25279

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/23 6:52 p.m.7 views

CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7CVSS5.3AI score0.00361EPSS
Exploits0
Rows per page
Query Builder