Lucene search
K

32 matches found

CNNVD
CNNVD
added 2025/02/20 12:0 a.m.5 views

graphql-mesh 路径遍历漏洞

graphql-mesh is an application by Arda TANRIKULU Individual Developer. A path traversal vulnerability exists in graphql-mesh, which stems from a lack of checks in the static file handler that could lead to arbitrary file reads and leak server data...

7.5CVSS6.5AI score0.00336EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2023/11/07 8:54 a.m.4 views

python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations

A vulnerability was found in the python-tornado library. This flaw causes an open redirect vulnerability that allows a remote, unauthenticated attacker to redirect a user to an arbitrary website and conduct a phishing attack by having the user access a specially crafted URL...

6.1CVSS7.4AI score0.01132EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/02/16 6:41 p.m.37 views

Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler

Summary Missing check vulnerability in the static file handler allows any client to access the files in the server's file system Details When staticFiles is set in the serve settings in the configuration file, the following handler doesn't check if absolutePath is still under the directory provid...

7.5CVSS0.00336EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2023/02/16 6:37 p.m.18 views

GO-2023-1567 Open redirect in github.com/caddyserver/caddy/v2

Due to improper request sanitization, a crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...

6.1CVSS6.1AI score0.01431EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/12/07 6:30 p.m.17 views

Echo vulnerable to directory traversal

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...

5.3CVSS5.3AI score0.01335EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/12/07 6:30 p.m.27 views

GHSA-J453-HM5X-C46W Echo vulnerable to directory traversal

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...

5.3CVSS5AI score0.01335EPSS
Exploits1References5
OSV
OSV
added 2022/12/07 5:15 p.m.2 views

UBUNTU-CVE-2020-36565

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...

5.3CVSS5.8AI score0.01335EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/12/07 12:0 a.m.3 views

labstack echo 路径遍历漏洞

labstack echo is the high-performance, minimalist Go Web framework. A security vulnerability exists in the previous version of labstack echo v4.1.18-0.20201215153152-4422e3b66b9f, which stems from incorrect cleanup of user input on Windows, where the static file handler allows for directory...

5.3CVSS5.7AI score0.01335EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.8 views

PT-2022-23818 · Unknown · Patrickfuller Camp

Name of the Vulnerable Software and Affected Versions: patrickfuller camp versions up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 Description: The issue concerns Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root director...

9.8CVSS9.3AI score0.49201EPSS
Exploits3References9
OSV
OSV
added 2021/04/14 8:4 p.m.24 views

GO-2021-0051 Directory traversal on Windows in github.com/labstack/echo/v4

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...

5.3CVSS5AI score0.01335EPSS
Exploits1References2
OSV
OSV
added 2021/04/14 8:4 p.m.27 views

GO-2020-0039 Open redirect in gopkg.in/macaron.v1

Due to improper request sanitization, a specifically crafted URL can cause the static file handler to redirect to an attacker chosen URL, allowing for open redirect attacks...

6.1CVSS6.1AI score0.01375EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/04/14 12:0 a.m.2 views

PT-2021-12080 · Unknown · Static File Handler

Name of the Vulnerable Software and Affected Versions: Static File Handler affected versions not specified Description: The issue arises from improper sanitization of user input on Windows, allowing the static file handler to permit directory traversal. This enables an attacker to read files...

5.3CVSS4.9AI score0.01335EPSS
Exploits1References12
Rows per page
Query Builder