3 matches found
Anyquery has Path Traversal through `clear_plugin_cache`, Allowing Arbitrary Directory Deletion
Path Traversal in clearplugincache Allows Arbitrary Directory Deletion | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 | | Vulnerability | CWE-22 — Improper Limitation of a Pathname to a Restricted Directory | | Severity | High | Summa...
GHSA-J9RX-RPPG-6HH4 Anyquery has Path Traversal through `clear_plugin_cache`, Allowing Arbitrary Directory Deletion
Path Traversal in clearplugincache Allows Arbitrary Directory Deletion | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 | | Vulnerability | CWE-22 — Improper Limitation of a Pathname to a Restricted Directory | | Severity | High | Summa...
PT-2026-48538
Name of the Vulnerable Software and Affected Versions anyquery versions prior to 0.4.5 Description A path traversal issue exists in the SQL scalar function clear plugin cache within the namespace/other functions.go file. The function accepts a plugin argument and passes it to path.Join and...