2 matches found
CVE-2022-31502
The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31502
CVE-2022-31502 is a path-traversal vulnerability in the operatorequals/wormnest repository up to version 0.4.7, caused by unsafe use of Flask send_file that enables absolute path traversal. The issue is documented across multiple sources (NVD, Red Hat, OSV etc.), with the core detail that an atta...