2 matches found
CVE-2022-31586
The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31586
CVE-2022-31586 affects the unizar-30226-2019-06/ChangePop-Back repository. The root cause is unsafe handling of Flaskās send_file, enabling absolute path traversal through 2019-06-04 and earlier code. Connected docs (Red Hat, NVD/CVE pages, CVE lists, CNNVD) corroborate the vulnerability descript...