16 matches found
CVE-2022-31503
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
EUVD-2022-41775
Malicious code in bioql PyPI...
CVE-2022-39268
Impact: In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...
Design/Logic Flaw
Impact: In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...
CVE-2022-39268 orchest vulnerable to cross-site request forgery that allows control of a user instance
Impact: In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...
CVE-2022-39268 orchest vulnerable to cross-site request forgery that allows control of a user instance
Impact: In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user...
PT-2022-24857 · Orchest · Orchest
Name of the Vulnerable Software and Affected Versions: Orchest versions prior to v2022.09.10. Description: The issue allows an attacker to trick an innocent end user into submitting a web request that they did not intend, potentially causing actions such as client or server data leakage, change of...
orchest cross-site request forgery vulnerability
orchest is an Orchest open source repository. It is used to build data pipelines. A cross-site request forgery vulnerability exists in orchest versions v2022.03.7 through v2022.09.9. An attacker could use this vulnerability to obtain client or server data and change the session state or manipula...
CVE-2022-31503
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31503
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31503
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Path traversal
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31503
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31503
The CVE affects the orchest/orchest repository prior to version 2022.05.0, where absolute path traversal is possible due to unsafe use of Flask’s send_file function. Impact: potential exposure of filesystem paths. A fix is available in 2022.05.0 or later; upgrade to that release to remediate.
PT-2022-20772 · Orchest · Orchest
Name of the Vulnerable Software and Affected Versions: orchest/orchest versions prior to 2022.05.0. Description: The issue allows absolute path traversal due to the unsafe use of the Flask send file function. Recommendations: For versions prior to 2022.05.0, update to version 2022.05.0 or later to...
orchest path traversal vulnerability
orchest is an Orchest open source repository. It is used to build data pipelines. A path traversal vulnerability exists in versions prior to orchest v2022.05.0, which stems from insecure use of the Flask sendfile function...