
4 matches found

OSV
added 2026/03/20 8:43 p.m. · 1 views

GHSA-HHGJ-GG9H-RJP7 Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal

Summary: The Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint,...

CVSS 7.5 · AI score 6 · EPSS 0.00352
Exploits: 1 · References: 4
CNNVD
added 2026/03/12 12:0 a.m. · 2 views

TinaCMS Path Traversal Vulnerability

TinaCMS is an open-source headless CMS developed by Tina for Markdown, MDX, and JSON formats. Versions of TinaCMS prior to 2.1.2 contained a path traversal vulnerability. This vulnerability stemmed from the use of path.join to combine paths without verifying that the resolved path remained within...

CVSS 6.3 · AI score 5.8 · EPSS 0.00093
Exploits: 1 · References: 1
OSV
added 2023/08/30 10:15 p.m. · 0 views

UBUNTU-CVE-2023-41040

GitPython is a Python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the .git directory. In some places the name of the file being read is provided by the user, and GitPython doesn't check if this file is located outside the .git...

CVSS 6.5 · AI score 6.5 · EPSS 0.0036
Exploits: 1 · References: 5
Positive Technologies
added 2022/04/29 12:0 a.m. · 2 views

PT-2022-16970 · Flask +1

Name of the Vulnerable Software and Affected Versions: Piano LED Visualizer versions 1.3 and prior
Description: The issue concerns a path traversal attack. The os.path.join call is unsafe for use with untrusted input, as it ignores all parameters encountered before an absolute path and starts...

CVSS 9.9 · AI score 8.5 · EPSS 0.73295
Exploits: 1 · References: 8