4 matches found
EUVD-2022-28108
Malicious code in bioql PyPI...
CVE-2024-10649 Unauthenticated File Upload in wandb/openui
wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to multiple security issues including denial of service, stored XSS, and information disclosure. The...
CVE-2024-10649
CVE-2024-10649 affects wandb/openui (commit c945bb859979659add5f490a874140ad17c56a5d). The vulnerability arises from unauthenticated endpoints that allow uploading and downloading files to an AWS S3 bucket via the /v1/share/{id:str} endpoints, enabling potential denial of service, stored XSS, and...
CVE-2022-24840 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in django-s3file
django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the AWSLOCATION setting was set, traversal was limited to that location only. The issue was...