CVE-2024-32005 Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...

PT-2024-24354 · Nicegui · Nicegui

Name of the Vulnerable Software and Affected Versions: NiceGUI versions prior to 1.4.21 Description: A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the / nicegui/ version /resources/key/path:path route. As a result, any file on the backend...