24 matches found
CVE-2026-39847
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
aloni (>=0.2.1 <=0.2.3), code-exec-hz (>=1.0.0 <=1.0.1) +6 more potentially affected by CVE-2026-42544 via granian (>=1.3.2 <=2.6.1)
granian PYPI version =1.3.2, =0.2.1, =1.0.0, =2.5.10, =1.0.0, =0.2.0, =0.0.1, =2025.1.0, =0.1.1, =0.3.1 Source cves: CVE-2026-42544 Source advisory: OSV:GHSA-VRG7-482J-P6F6...
CVE-2026-42545
creationtimestamp| type| source ---|---|--- 2026-04-28 18:30:30+00:00| published-proof-of-concept| https://github.com/emmett-framework/granian/security/advisories/GHSA-f5p7-9fr5-8jmj...
EUVD-2026-19974
Emmett has a path traversal in internal assets handler...
Emmett has a path traversal in internal assets handler
The RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files outside the assets directory...
Directory Traversal
Overview emmett is a The web framework for inventors Affected versions of this package are vulnerable to Directory Traversal via the RSGI static handler for internal assets. An attacker can access arbitrary files outside the intended directory by sending specially crafted requests containing...
GHSA-PR46-2V3C-5356 Emmett has a path traversal in internal assets handler
The RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files outside the assets directory...
PYSEC-2026-59
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
PYSEC-2026-59
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
CVE-2026-39847
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
CVE-2026-39847 Emmett has a path traversal in internal assets handler
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
CVE-2026-39847 Emmett has a path traversal in internal assets handler
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
CVE-2026-39847
Emmett (Python web framework) versions 2.5.0 through before 2.8.1 are affected by a path traversal vulnerability in the RSGI static handler for internal assets located under /emmett . An attacker can abuse ../ sequences (for example /emmett /../rsgi/handlers.py) to read arbitrary files outside th...
PT-2026-31032
Name of the Vulnerable Software and Affected Versions Emmett versions 2.5.0 through 2.8.0 Description Emmett, a full-stack Python web framework, contains a path traversal flaw in its RSGI static handler for internal assets / emmett paths. An attacker can use '../' sequences in requests, such as '...
emmett θ·―εΎιεζΌζ΄
Emmett is a full-stack Python web framework developed by Emmett. Versions of Emmett from 2.5.0 to 2.8.1 had a path traversal vulnerability. This vulnerability stemmed from issues with the RSGI static processing program, allowing for the reading of files outside the asset directory...
CVE-2026-25577
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmettcore.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause...
CVE-2026-25577 Emmett has an Unhandled CookieError Exception Causing Denial of Service
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmettcore.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause...
CVE-2026-25577
The CVE-2026-25577 issue affects emmett-core (and via transitive deps in emmett/emmett55) where emmett_core.http.wrappers.Request.cookies does not handle CookieError, allowing unauthenticated users to trigger HTTP 500s and denial of service by malformed Cookie headers. The Red Hat/NVD OSV and CIR...
emmett (>=2.6.0 <=2.6.3), emmett55 (>=1.0.0 <=1.1.0) potentially affected by CVE-2026-25577 via emmett-core (>=1.0.5 <=1.2.0)
emmett-core PYPI version =1.0.5, =2.6.0, =1.0.0, =1.1.0 Source cves: CVE-2026-25577 Source advisory: SNYK:PYTHON-EMMETTCORE-15264150...
Uncaught Exception
Overview emmett-core is an Emmett framework core libraries Affected versions of this package are vulnerable to Uncaught Exception in the cookies function, which does not properly handle CookieError. An attacker can cause HTTP 500 responses and crash by sending malicious Cookie headers. Remediatio...