4 matches found
Directory Traversal
Overview shamefile is an A cli tool to enforce documentation for code suppressions Affected versions of this package are vulnerable to Directory Traversal via the shame next process when processing a user-controlled shamefile.yaml. An attacker can disclose the contents of files outside the intend...
Shamefile has an arbitrary file read via shamefile.yaml in shame next
Impact A path traversal vulnerability in shame next allows an attacker-controlled shamefile.yaml to disclose contents of files outside the repository, one line at a time, to the terminal of a user who runs the command. See patch commit for technical details. Patches Fixed in 0.1.7. Upgrade to...
GHSA-X6P3-76F2-XXVH Shamefile has an arbitrary file read via shamefile.yaml in shame next
Impact A path traversal vulnerability in shame next allows an attacker-controlled shamefile.yaml to disclose contents of files outside the repository, one line at a time, to the terminal of a user who runs the command. See patch commit for technical details. Patches Fixed in 0.1.7. Upgrade to...
PT-2026-44550
Name of the Vulnerable Software and Affected Versions shamefile versions prior to 0.1.7 Description A path traversal issue in shame next allows an attacker to use a malicious shamefile.yaml to disclose the contents of files located outside the repository. The information is leaked one line at a...