6 matches found
CVE-2026-40258
The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...
CVE-2026-40258
The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...
CVE-2026-40258 Gramps Web API has Zip Slip Path Traversal in Media Archive Import
The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...
Gramps Web API 安全漏洞
Gramps Web API is a backend API for genealogy data querying and management, open-sourced by the Gramps Project. Versions of Gramps Web API from 1.6.0 to 3.11.0 contained security vulnerabilities. These vulnerabilities were caused by path traversal in the media archive import function, which could...
gramps-webapi: Zip Slip Path Traversal in Media Archive Import
Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...
PT-2026-32053
Name of the Vulnerable Software and Affected Versions gramps-webapi affected versions not specified Description A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...