20 matches found
EUVD-2024-0273
Malicious code in bioql PyPI...
Path traversal in flaskcode Devan-Kerman ARRP
Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component...
Path traversal in flaskcode
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...
Path traversal in flaskcode
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/.txt URI from views.py, allows attackers to read arbitrary files...
GHSA-V3RG-QM46-XRG9 Path traversal in flaskcode
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...
projects-manager (>=0.8.3.3 <=0.8.3.4) potentially affected by CVE-2023-52289 via flaskcode (=0.0.8)
flaskcode PyPI version =0.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on flaskcode and may be impacted: projects-manager =0.8.3.3, =0.8.3.4. Source CVEs: CVE-2023-52289. Source advisory: OSV:GHSA-V3RG-QM46-XRG9...
projects-manager (>=0.8.3.3 <=0.8.3.4) potentially affected by CVE-2023-52288 via flaskcode (=0.0.8)
flaskcode PyPI version =0.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on flaskcode and may be impacted: projects-manager =0.8.3.3, =0.8.3.4. Source CVEs: CVE-2023-52288. Source advisory: OSV:GHSA-6H4Q-63C5-QFQF...
GHSA-6H4Q-63C5-QFQF Path traversal in flaskcode
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/.txt URI from views.py, allows attackers to read arbitrary files...
CVE-2023-52288
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/.txt URI from views.py, allows attackers to read arbitrary files...
Directory traversal
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...
Directory traversal
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/.txt URI from views.py, allows attackers to read arbitrary files...
Flaskcode Security Vulnerability
Flaskcode is a web-based code editor on the Python Flask framework. A security vulnerability exists in Flaskcode 0.0.8 and earlier versions, which stems from a directory traversal vulnerability that could allow an unauthenticated attacker to write to arbitrary files...
CVE-2023-52289
The CVE-2023-52289 entry affects the Python package flaskcode up to version 0.0.8. Affected component: the /update-resource-data/ endpoint (views.py) in Flaskcode. Root cause: unauthenticated directory traversal that allows writing to arbitrary files. Impact: high, via a network-exposed POST requ...
CVE-2023-52288
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/.txt URI from views.py, allows attackers to read arbitrary files...
CVE-2023-52289
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...
CVE-2023-52288
The CVE-2023-52288 entry concerns the Flaskcode package for Python (versions up to 0.0.8). The vulnerability is an unauthenticated directory traversal that can be exploited via a GET request to /resource-data/.txt (from views.py), enabling reading of arbitrary files on the server. Connected advis...
Flaskcode Security Vulnerability
Flaskcode is a web-based code editor on the Python Flask framework. A security vulnerability exists in Flaskcode 0.0.8 and earlier versions, which stems from a directory traversal vulnerability that could allow an unauthenticated attacker to read arbitrary files...
CVE-2023-52289
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...
CVE-2023-52288
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/.txt URI from views.py, allows attackers to read arbitrary files...
PT-2024-14506 · Flaskcode · Flaskcode
Name of the Vulnerable Software and Affected Versions: flaskcode versions through 0.0.8. Description: An issue was discovered that allows for unauthenticated directory traversal, which can be exploited with a POST request to the "/update-resource-data/" API endpoint. This enables attackers to writ...