2 matches found
CVE-2022-31506
The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31506
The CVE-2022-31506 entry concerns the cmusatyalab/opendiamond repository up to version 10.1.1, where an unsafe use of Flask's send_file enables absolute path traversal. The underlying issue is improper sanitization/validation when serving files, allowing an attacker to access arbitrary files on t...