6 matches found
n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions
Impact The ExecuteWorkflow node's localFile source option read workflow files from disk without applying checks enforced by other file-reading nodes. An authenticated user with permission to create or modify workflows could supply an arbitrary file path via the REST API, bypassing the...
CLSA-2026-1777446306 python: Fix of CVE-2019-9948
CVE-2019-9948: fix urllib localfile:// URL scheme bypass that allowed file reads when localfile handler was defined...
python: Fix of CVE-2019-9948
CVE-2019-9948: fix urllib localfile:// URL scheme bypass that allowed file reads when localfile handler was defined...
CLSA-2026-1777393949 python: Fix of CVE-2019-9948
CVE-2019-9948: fix urllib localfile:// URL scheme bypass that allowed file reads when localfile handler was defined...
Local File Bypass
phpoffice/phpspreadsheet is vulnerable to Local File Bypass. The vulnerability is due to improper validation and handling of XML input within XmlScanner.php, which allows attackers to exploit XXE to access local file contents...
CVE-2015-6322
The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.18 allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563...