Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the SubFileSystem method. An attacker can access directories outside the intended confinement by supplying specially crafted paths containing unresolved .. segments. This is only exploitable if the input path is...

Directory Traversal

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Directory Traversal via the serveStatic utility. An attacker can access arbitrary files from backend storage by sending specially crafted requests containing...

Prototype Pollution

Overview dottie is a Fast and safe nested object access and manipulation in JavaScript Affected versions of this package are vulnerable to Prototype Pollution in the set and transform functions. An attacker can inject unauthorized properties into an object's prototype chain by supplying specially...

PT-2026-22065

Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...

CVE-2023-26145

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...

CVE-2007-4559

...

DEBIAN-CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...

Embedthis Software GoAhead Arbitrary Code Execution Vulnerability

Embedthis Software GoAhead is an embedded Web server from Embedthis Software, USA. A security vulnerability exists in Embedthis Software GoAhead versions 3.0.0 through 3.4.1, which stems from the program's failure to properly handle path sections that begin with the '.' character in the beginning...

perl-Archive-Tar directory traversal flaws

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences...

DEBIAN-CVE-2007-4829

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences...

UBUNTU-CVE-2007-4559

Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...