4 matches found
CVE-2026-15699 spencermountain compromise Public Root API extend.js nlp.extend prototype pollution
A vulnerability was identified in spencermountain compromise up to 14.15.1. Affected is the function nlp.extend of the file src/API/extend.js of the component Public Root API. The manipulation of the argument plugin leads to improperly controlled modification of object prototype attributes. Remot...
CVE-2022-25937
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715...
glance 路径遍历漏洞
glance is a dictionary visualization repository open-sourced by nlpweb. A security vulnerability exists in versions prior to glance 3.0.9 that stems from the presence of a directory traversal that allows users to read files outside of the public root directory...
Directory Traversal
Overview glance is a quick disposable http server for static files. Affected versions of this package are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715. PoC Run...