7 matches found
CVE-2022-31516
The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31516
The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31516
The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Path traversal
The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31516
Harveyzyh/Python repo (up to 2022-05-04) is vulnerable to absolute path traversal due to unsafe use of Flask send_file, enabling access to arbitrary files. The issue is caused by how send_file is used and is documented across multiple sources (notably Red Hat and NVD entries). The CVSS metrics in...
CVE-2022-31516
The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Harveyzyh Python 路径遍历漏洞
Harveyzyh Python is a private codebase. A security vulnerability exists in GitHub's Harveyzyh/Python version 2022-05-04 and earlier, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...