4 matches found
CVE-2022-31504
The ChangeWeDer/BaiduWenkuSpiderflaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Security Bulletin: Multiple Vulnerabilities in Multicloud Management Security Services
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Multicloud Management Security Services Vulnerability Details CVEID:CVE-2022-31512 DESCRIPTION: flask-mvc could allow a remote attacker to traverse directories on the system, caused by the Flask sendfile function being used unsafely...
CVE-2022-31504
The ChangeWeDer/BaiduWenkuSpiderflaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31504
CVE-2022-31504 concerns the ChangeWeDer/BaiduWenkuSpider_flaskWeb repository, with a path traversal vulnerability caused by using Flaskās send_file unsafely. The issue exists in versions prior to 2021-11-29 and can enable an attacker to perform absolute path traversal to view arbitrary files on t...