CVE-2022-31543

The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31548

The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

DSAB 路径遍历漏洞

DSAB is a data streaming algorithm benchmark. A benchmark designed to test the performance of various data streaming algorithms on multiple datasets in a simple manner. A security vulnerability exists in DSAB version 2.1 and earlier versions, which stems from insecure use of Flask's sendfile...

TrainEnergyServer 路径遍历漏洞

TrainEnergyServer is a train energy server by an individual developer in Rustam, South Korea. A security vulnerability exists in GitHub's rusyasoft/TrainEnergyServer project version 2017-08-03 and earlier, which stems from an incorrect call to Flask's sendfile function resulting in absolute path...

PYSEC-2017-43

Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...