11 matches found
CVE-2026-32847 DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py
DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...
CVE-2026-32847
DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...
CVE-2026-32847 DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py
DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...
CVE-2026-32847
DeepCode (commit c991dc2) exposes a path traversal vulnerability in the SPA catch-all route of new_ui/backend/main.py. An unauthenticated attacker can read arbitrary files by sending percent-encoded path segments to GET /{full_path:path}, bypassing Starlette path normalization via %2F and %2E%2E....
DeepCode 路径遍历漏洞
DeepCode is a multi-agent code generation tool open-source by Data Intelligence Lab@HKU. Previous versions of DeepCode c991dc2 contained a path traversal vulnerability. This vulnerability originated from the SPA catch-all route in newui/backend/main.py, which had a path traversal vulnerability...
PT-2026-44488
Name of the Vulnerable Software and Affected Versions DeepCode versions prior to commit c991dc2 Description A path traversal issue exists in the SPA catch-all route within new ui/backend/main.py. Unauthenticated attackers can read arbitrary files by providing percent-encoded path segments to the...
CVE-2025-50735
Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...
EUVD-2025-37512
Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...
CVE-2025-50735
Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...
CVE-2025-50735
Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect
Impact Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under example.com are protected with the requiresAuth middleware, a visit to...