
11 matches found

RedhatCVE
added 2025/08/11 2:30 a.m. · 11 views

CVE-2025-55013

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client task_handler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...

4.2 CVSS · 7.1 AI score · 0.00515 EPSS
Exploits 0 · References 1
NVD
added 2025/08/09 3:15 a.m. · 10 views

CVE-2025-55013

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client task_handler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...

4.2 CVSS · 0.00515 EPSS
Exploits 0 · References 2
OSV
added 2025/08/09 2:2 a.m. · 8 views

CVE-2025-55013 Assemblyline 4 Service Client: Arbitrary Write through path traversal in Client code

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client task_handler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...

4.2 CVSS · 6.4 AI score · 0.00515 EPSS
Exploits 0 · References 4
Cvelist
added 2025/08/09 2:2 a.m. · 12 views

CVE-2025-55013 Assemblyline 4 Service Client: Arbitrary Write through path traversal in Client code

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client task_handler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...

4.2 CVSS · 0.00515 EPSS
Exploits 0 · References 2
CVE
added 2025/08/09 2:2 a.m. · 32 views

CVE-2025-55013

The CVE-2025-55013 issue affects Assemblyline 4 Service Client. The task_handler.py component accepts a SHA-256 value from the server and uses it directly as a local filename, enabling a path traversal when the server (or a MITM) returns a payload like ../../../etc/cron.d/evil. This can cause the...

4.2 CVSS · 7 AI score · 0.00515 EPSS
Exploits 0 · References 2
CNNVD
added 2025/08/09 12:0 a.m. · 5 views

Assemblyline 4 Service Client security vulnerability

Assemblyline 4 Service Client is a Canadian Centre for Cyber Security open source service client for publishing service results in Assemblyline 4. A security vulnerability exists in Assemblyline 4 Service Client versions prior to 4.6.1.dev138, which stems from the direct use of SHA-256 values...

4.2 CVSS · 6.1 AI score · 0.00515 EPSS
Exploits 0 · References 3
Veracode
added 2025/08/06 8:4 a.m. · 5 views

Arbitrary File Write

assemblyline-service-client is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of file paths, allowing attackers to write files outside the intended directory...

4.2 CVSS · 7 AI score · 0.00515 EPSS
Exploits 0 · References 4 · Affected Software 1
Snyk
added 2025/07/25 2:15 p.m. · 2 views

Relative Path Traversal

Overview: assemblyline-service-client is an Assemblyline 4 - Service client. Affected versions of this package are vulnerable to Relative Path Traversal via the downloadfile function in the task_handler.py. An attacker can overwrite arbitrary files, corrupt system files, or potentially execute code ...

10 CVSS · 7.5 AI score · 0.00515 EPSS
Exploits 0 · References 3
Github Security Blog
added 2025/07/25 2:15 p.m. · 12 views

Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code

Path-Traversal - Arbitrary File Write in Assemblyline Service Client. IMPORTANT: This vulnerability is valid if you decide to use the assemblyline-service-client outside of the normal practice of using Assemblyline in a production environment. In practice, this code should always be executed withi...

4.2 CVSS · 6.4 AI score · 0.00515 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2025/07/25 2:15 p.m. · 6 views

GHSA-75JV-VFXF-3865 Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code

Path-Traversal - Arbitrary File Write in Assemblyline Service Client. IMPORTANT: This vulnerability is valid if you decide to use the assemblyline-service-client outside of the normal practice of using Assemblyline in a production environment. In practice, this code should always be executed withi...

4.2 CVSS · 6.4 AI score · 0.00515 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/07/25 12:0 a.m. · 6 views

PT-2025-31837 · Pypi · Assemblyline-Service-Client

Path-Traversal - Arbitrary File Write in Assemblyline Service Client. IMPORTANT: This vulnerability is valid if you decide to use the assemblyline-service-client outside of the normal practice of using Assemblyline in a production environment. In practice, this code should always be executed withi...

4.2 CVSS · 7.4 AI score · 0.00515 EPSS
Exploits 0 · References 5