3 matches found
GHSA-5FGG-JCPF-8JJW i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters
Summary Versions of i18next-http-middleware prior to 3.9.3 pass user-controlled lng and ns parameters to two internal paths that use them in ways that enable prototype pollution and, depending on the configured backend, path traversal or SSRF. The vulnerable entry points are unauthenticated HTTP...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the /locales/resources.json endpoint. An attacker can access any files with the .json extension on the console's pod. Details A Directory Traversal attack also known as path traversal aims to access files and...
CVE-2024-7631 Openshift-console: openshift console: path traversal
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.goL112 Because of this unsafe filepath construction, an...