5 matches found
projects-manager (>=0.8.3.3 <=0.8.3.4) potentially affected by CVE-2023-52289 via flaskcode (=0.0.8)
flaskcode PYPI version =0.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on flaskcode and may be impacted: - projects-manager =0.8.3.3, =0.8.3.4 Source cves: CVE-2023-52289 Source advisory: OSV:GHSA-V3RG-QM46-XRG9...
CVE-2023-52289
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...
CVE-2023-52289
The CVE-2023-52289 entry affects the Python package flaskcode up to version 0.0.8. Affected component: the /update-resource-data/ endpoint (views.py) in Flaskcode. Root cause: unauthenticated directory traversal that allows writing to arbitrary files. Impact: high, via a network-exposed POST requ...
CVE-2023-52289
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...
CVE-2023-52289
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...