3 matches found
GHSA-X574-M823-4X7W Vite bypasses server.fs.deny when using ?raw??
Summary The contents of arbitrary files can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Details @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or...
USN-4975-2 python-django vulnerability
USN-4975-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly...
MP Form Mail CGI Professional Edition vulnerable to directory traversal
Overview MP Form Mail CGI Professional Edition provided by futomi Co., Ltd. contains a directory traversal vulnerability CWE-22. Yuuta Watanabe of STNet, Incorporated reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...