262 matches found
GHSA-687H-86VC-5X59 ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31573
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
Path traversal
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31573
CVE-2022-31573 affects the chainer/chainerrl-visualizer project (up to version 0.1.1). The vulnerability arises from unsafe use of Flask send_file, enabling absolute path traversal and potential access to arbitrary files on the server. Multiple connected sources (Red Hat, Veracode, CNVD, OSV, CNV...
chainerrl-visualizer path traversal vulnerability
chainerrl-visualizer is Chainer's open source way to visually analyze the behavior of ChainerRL agents to make debugging easier. chainerrl-visualizer suffers from a path traversal vulnerability that stems from a failure of the Flask send_file function to properly filter the resource or file path f...
WordPress Visualizer plugin <= 3.7.9 - Authenticated PHAR Deserialization vulnerability
Authenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress Visualizer plugin versions <= 3.7.9. Solution: Update the WordPress Visualizer plugin to the latest available version (at least 3.7.10)...
Malicious code in fusion-tables-archive-visualizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 546ea1dd641d2981769ae1f7959e204d0c8b4376413c6c2d4d6568457ca9ad4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4585 Malicious code in microsoft-bonsai-visualizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af44fbbcf5f4c4b320b933ab7cc00323158be62a4c2d23be50f06265760b5a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in microsoft-bonsai-visualizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af44fbbcf5f4c4b320b933ab7cc00323158be62a4c2d23be50f06265760b5a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in report-visualizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 669884b2f8e009bf9d311042e3de24a7e2468fa34ac0ce63a586448655ef842d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5752 Malicious code in report-visualizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 669884b2f8e009bf9d311042e3de24a7e2468fa34ac0ce63a586448655ef842d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in rider-debug-visualizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ce0c44d9cec03b61e93b21730547c7f67365aae68f3e1dac44c5dfa8467985d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in qs-state-visualizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9da71ad932749ac1913fcb6cb4136c1ff886b10688974cc061dcdc2de8aebd3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5559 Malicious code in qs-state-visualizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9da71ad932749ac1913fcb6cb4136c1ff886b10688974cc061dcdc2de8aebd3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Visualizer plugin <= 3.7.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Visualizer plugin versions <= 3.7.6. Solution: Update the WordPress Visualizer plugin to the latest available version (at least 3.7.7)...
Visualizer < 3.7.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=visualizer-edit-chart&library=yes&chart=6190&tab=visualizer&a"alert/XSS/...
Visualizer < 3.7.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin-ajax.php?action=visualizer-edit-chart=yes=6190=visualizer"...
GHSA-3MWJ-7VMQ-W43P Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin
Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. Yet Another Build Visualizer Plugin 1.12 escapes tooltip content...