7 matches found
CVE-2022-31542
The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31542
The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31542
The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31542
The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31542
CVE-2022-31542 affects the mandoku/mdweb repository (pre-2015-05-07) where an unsafe use of Flask's send_file enables absolute path traversal. The issue is confirmed across multiple connected sources (NVD, Red Hat, CVE lists, CNNVD) describing the root cause as improper handling of file paths in ...
CVE-2022-31542
The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
mdweb 路径遍历漏洞
mdweb is a Mandoku web server from mandoku open source. A security vulnerability exists in mdweb version 2015-05-07 and earlier, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...