4 matches found
CVE-2026-46612
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on...
Linux Distros Unpatched Vulnerability : CVE-2021-34363
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The thefuck aka The Fuck package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the undo archive operation feature...
PYSEC-2023-279
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...
Path Traversal
thefuck is vulnerable to path traversal. Using "undo archive operation" feature allows deletion of arbitrary file outside of working directory...