4 matches found
CVE-2022-31521
The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
EUVD-2022-52977
Malicious code in bioql PyPI...
CVE-2022-31521
The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31521
The CVE-2022-31521 entry concerns the Niyaz-Mohamed/mosaic repository up to version 1.0.0, where an absolute path traversal is possible due to unsafe usage of Flask’s send_file. The Red Hat/CVE, NVD, OSV and other sources confirm this underlying flaw stems from how file paths are handled in send_...