21 matches found
EUVD-2022-6481
Malicious code in bioql PyPI...
CVE-2024-24569
The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. ZipSecurityisBelowCurrentDirectory is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version =1.1.1, use ZipSecurity as a guard against...
CVE-2024-24569
The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. ZipSecurityisBelowCurrentDirectory is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version =1.1.1, use ZipSecurity as a guard against...
CVE-2024-24569 `ZipSecurity#isBelowCurrentDirectory` is vulnerable to partial-path traversal vulnerability
The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. ZipSecurityisBelowCurrentDirectory is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version =1.1.1, use ZipSecurity as a guard against...
PT-2024-1636 · Unknown · Pixee Java Code Security Toolkit
Name of the Vulnerable Software and Affected Versions: Pixee Java Code Security Toolkit versions =1.1.1 Description: The issue is related to a partial-path traversal bypass vulnerability in the ZipSecurityisBelowCurrentDirectory function. This vulnerability allows attackers to "escape" into sibli...
Graylog 路径遍历漏洞
Graylog is a centralized log management solution from Graylog USA. The product supports capturing, storing, and analyzing logs in real time, among other things. Graylog suffers from a path traversal vulnerability that stems from incorrect user input validation and a partial path traversal...
GHSA-9654-PR4F-GH6M HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057
Impact Zip Slip protections implemented in CVE-2023-24057 GHSA-jqh6-9574-5x22 can be bypassed due a partial path traversal vulnerability. This issue allows a malicious actor to potentially break out of the TerminologyCacheManager cache directory. The impact is limited to sibling directories. To...
Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource`
Impact A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the load paths: "/Users/foo/resources" When passing relative paths to these two vulnerabl...
GHSA-4MMH-5VW7-RGVJ Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource`
Impact A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the load paths: "/Users/foo/resources" When passing relative paths to these two vulnerabl...
Path traversal
Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the lo...
CVE-2022-36007
Venice (com.github.jlangch:venice) contains a Partial Path Traversal flaw in the load-file and load-resource functions. When given absolute paths whose name prefix matches a configured load path (e.g., "/Users/foo/resources"), an attacker can access files outside the intended directory (e.g., "/U...
CVE-2022-36007 Partial Path Traversal in com.github.jlangch:venice
Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the lo...
CVE-2022-36007 Partial Path Traversal in com.github.jlangch:venice
Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the lo...
GHSA-C28R-HW5M-5GV3 Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
Overview A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1. Applications using the SDK control the destinationDirectory argument, but S3 object keys are determined by the application that uploaded the...
CVE-2022-31159
The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...
CVE-2022-31159 Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...
CVE-2022-22932
A flaw was found in the Apache Karaf obr: command, where a partial path traversal issue allows a break out of the expected folder. This entry is set by the user...
CVE-2021-39208
SharpCompress is a fully managed C library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to...
CVE-2020-6110
An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs ...
CVE-2020-6110
An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs ...