Lucene search
+L

37 matches found

Positive Technologies
Positive Technologies
added 2025/03/11 12:0 a.m.6 views

PT-2025-37089

Name of the Vulnerable Software and Affected Versions: Mockoon versions prior to 9.2.0 Description: Mockoon is a tool used to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving generates the server filename from user input, which is vulnerable to Pa...

7.5CVSS6.4AI score0.0166EPSS
Exploits0References11
OSV
OSV
added 2024/12/13 8:59 p.m.7 views

GO-2024-3293 Full access to the host's OS file system using osfs.FS with Router.Static in goyave.dev/goyave/v5

Static file serving using router.Static and osfs.FS allows clients to access any file on the host file system using relative paths because the requested path is not sanitized and . and .. segments are accepted. The files will be returned as a response, provided the system user running the Go...

6.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/09/18 5:49 p.m.21 views

Mesop has a local file Inclusion via static file serving functionality

A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validation in a specific endpoint. This could have allowed an attacker to access files...

7.5CVSS6.8AI score0.0028EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/06 2:20 p.m.37 views

GHSA-83PV-QR33-2VCF Litestar and Starlite vulnerable to Path Traversal

Summary Local File Inclusion via Path Traversal in LiteStar Static File Serving A Local File Inclusion LFI vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to...

8.2CVSS8.8AI score0.00722EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/06 12:0 a.m.6 views

PT-2024-25030

Name of the Vulnerable Software and Affected Versions Litestar versions prior to 2.8.3 Litestar versions prior to 2.7.2 Litestar versions prior to 2.6.4 Description A Local File Inclusion LFI vulnerability has been discovered in the static file serving component of Litestar, allowing attackers to...

8.2CVSS7AI score0.00722EPSS
Exploits0References16
OSV
OSV
added 2024/01/29 11:15 p.m.4 views

AZL-44319 CVE-2024-23334 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.6AI score0.76875EPSS
Exploits15References1
Snyk
Snyk
added 2022/12/07 4:8 p.m.5 views

Directory Traversal

Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Directory Traversal. Go Vulnerability Report: On Windows, restricted files can be accessed via os.DirFS and http.Dir.The os.DirFS function and http.Dir type provide access to a...

8.7CVSS7.6AI score0.0119EPSS
Exploits0References3
OSV
OSV
added 2022/10/05 6:2 p.m.17 views

GO-2022-1027 Path traversal in github.com/cloudwego/hertz

Improper path sanitization on Windows permits path traversal attacks. Static file serving with the Static or StaticFS functions allows an attacker to access files from outside the filesystem root. This vulnerability does not affect non-Windows systems...

7.5CVSS7.4AI score0.00876EPSS
Exploits1References2
Snyk
Snyk
added 2021/12/17 7:59 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal if an unintended user is able to gain access to the diagnostic route, which may lead to information disclosure. Note: This only applies when MessageBus::Diagnostics is enabled it is not enabled by default. Details A...

6.5CVSS7.5AI score0.01869EPSS
Exploits0References2
Snyk
Snyk
added 2020/06/20 12:38 p.m.6 views

Directory Traversal

Overview rollup-plugin-server is a rollup plugin to serve the bundle. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function. PoC by JHU System Security Lab 1. Create a serv...

7.5CVSS7.5AI score0.01768EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2020/03/26 3:46 p.m.7 views

jetty: full server path revealed when using the default Error Handling

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS7.2AI score0.04328EPSS
Exploits0References4
OSV
OSV
added 2018/09/11 2:45 p.m.4 views

SUSE-SU-2018:2689-1 Security update for spark

This update for spark fixes the following security issue: - CVE-2018-9159: Fix a security problem in the serving of static files. bsc1087837...

5.3CVSS6.3AI score0.046EPSS
Exploits0References3
OSV
OSV
added 2018/06/27 5:29 p.m.3 views

DEBIAN-CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS6.3AI score0.04328EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.36 views

CVE-2017-16224

st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 redirect to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a...

6.2AI score0.00879EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2017/04/03 9:2 p.m.4 views

Spark: Directory traversal vulnerability in version 2.5

A path traversal issue was found in Spark version 2.5 and potentially earlier versions. The vulnerability resides in the functionality to serve static files where there's no protection against directory traversal attacks. This could allow attackers access to private files including sensitive data...

7.5CVSS5.7AI score0.05074EPSS
Exploits1References5
PyPA
PyPA
added 2015/01/16 4:59 p.m.6 views

PYSEC-2015-6

The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service memory consumption via a long line in a file...

5CVSS6.8AI score0.04334EPSS
Exploits1References14Affected Software1
OSV
OSV
added 2015/01/13 12:0 a.m.2 views

UBUNTU-CVE-2015-0221

The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service memory consumption via a long line in a file...

5CVSS5.8AI score0.04334EPSS
Exploits1References4
Rows per page
Query Builder