707 matches found

CVE
added 2021/10/22 7:20 p.m., 35 views

CVE-2020-23038

CVE-2020-23038 affects Swift File Transfer Mobile v1.1.2 and earlier. A path traversal/info-disclosure vulnerability exists in the path parameter, triggered by an error caused by including non-existent path environment variables. The connected sources corroborate that an unauthorized attacker cou...

7.5 CVSS | 7.3 AI score | 0.00462 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2021/10/22 7:20 p.m., 13 views

CVE-2020-36486

Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling...

6.1 AI score | 0.00328 EPSS
Exploits 1 | References 1
CNNVD
added 2021/10/22 12:0 a.m., 1 view

Swift File Transfer Mobile cross-site scripting vulnerability

Swift File Transfer Mobile is an application by Kunal Mahajan Personal Developer. It is used to share installed applications, photos, files, folders and videos 8Mbps at high speed without using internet, data cable, mobile data, Wi-Fi, Nfc etc. A cross-site scripting vulnerability exists in Swift...

6.1 CVSS | 5.9 AI score | 0.00328 EPSS
Exploits 1 | References 1
Prion
added 2021/09/30 9:15 p.m., 15 views

Directory traversal

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files or Cells files belonging to any user via the nodes parameter for Copy and Move or via the Path parameter for Delete...

4 CVSS | 6.3 AI score | 0.00374 EPSS
Exploits 0 | References 3 | Affected Software 1
CVE
added 2021/09/30 8:39 p.m., 48 views

CVE-2021-41324

CVE-2021-41324 affects Pydio Cells 2.2.9 and involves a directory traversal vulnerability in Copy, Move, and Delete features. A remote authenticated user can enumerate personal files or other users’ files via the nodes parameter (Copy/Move) or the Path parameter (Delete). Root cause is handling o...

6.5 CVSS | 6.2 AI score | 0.00374 EPSS
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2021/09/30 12:0 a.m., 2 views

Abstrium Pydio Cells path traversal vulnerability

Abstrium Pydio Cells is a next-generation file sharing platform developed using the Go language by Abstrium France. A path traversal vulnerability exists in Abstrium Pydio Cells 2.2.9, which allows a remote authenticated user to pass the node parameter for copy and move or pass the path parameter...

6.5 CVSS | 6.6 AI score | 0.00374 EPSS
Exploits 0 | References 4
OSV
added 2021/09/27 4:15 p.m., 1 view

CVE-2021-40712

Adobe Experience Manager version 6.5.9.0 and earlier is affected by an improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service...

6.5 CVSS | 5.8 AI score
Exploits 0 | References 1
NVD
added 2021/09/27 4:15 p.m., 10 views

CVE-2021-40712

Adobe Experience Manager version 6.5.9.0 and earlier is affected by an improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service...

6.5 CVSS | 0.00392 EPSS
Exploits 0 | References 1
Prion
added 2021/09/27 4:15 p.m., 14 views

Input validation

Adobe Experience Manager version 6.5.9.0 and earlier is affected by an improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service...

4 CVSS | 6.3 AI score | 0.00392 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2021/09/27 3:44 p.m., 58 views

CVE-2021-40712

CVE-2021-40712 affects Adobe Experience Manager 6.5.x (6.5.9.0 and earlier). The issue is improper input validation on the path parameter, enabling an authenticated attacker to send a malformed POST that causes a server-side denial of service. Severity is reflected as MEDIUM (CVSS v3.1 base score...

6.5 CVSS | 6.2 AI score | 0.00392 EPSS
Exploits 0 | References 1 | Affected Software 1
Prion
added 2021/09/21 5:15 p.m., 22 views

Type confusion

This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function...

7.5 CVSS | 9.3 AI score | 0.01539 EPSS
Exploits 1 | References 6 | Affected Software 1
OSV
added 2021/09/12 1:15 p.m., 1 view

UBUNTU-CVE-2021-23440

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

9.8 CVSS | 7.2 AI score | 0.00071 EPSS
Exploits 1 | References 7
Prion
added 2021/09/12 1:15 p.m., 24 views

Type confusion

This affects the package set-value before =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays...

7.5 CVSS | 9.1 AI score | 0.00493 EPSS
Exploits 2 | References 6 | Affected Software 2
Github Security Blog
added 2021/09/01 6:37 p.m., 48 views

Prototype Pollution in object-path

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...

8.6 CVSS | 8.8 AI score | 0.0039 EPSS
Exploits 1 | References 8 | Affected Software 1
NVD
added 2021/09/01 6:15 p.m., 26 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...

9.8 CVSS | 0.00546 EPSS
Exploits 1 | References 3
OSV
added 2021/09/01 6:15 p.m., 35 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...

9.8 CVSS | 9.4 AI score
Exploits 0 | References 3
AlpineLinux
added 2021/09/01 5:30 p.m., 37 views

CVE-2021-23436

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "__proto__" || p === "constructor" in applyPatches...

9.8 CVSS | 7.6 AI score | 0.00546 EPSS
Exploits 2 | References 3
RedhatCVE
added 2021/08/31 6:49 p.m., 51 views

CVE-2021-23434

Prototype pollution has been discovered in the object-path NodeJS library. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']...

9.8 CVSS | 2 AI score | 0.0039 EPSS
Exploits 1 | References 5
OSV
added 2021/08/27 5:15 p.m., 1 view

DEBIAN-CVE-2021-23434

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...

8.6 CVSS | 7.5 AI score | 0.0039 EPSS
Exploits 1 | References 1
UbuntuCve
added 2021/08/27 5:15 p.m., 37 views

CVE-2021-23434

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because t...

8.6 CVSS | 7.1 AI score | 0.0039 EPSS
Exploits 1 | References 6