
46 matches found

Snyk
added 2022/11/28 9:59 a.m. · 3 views

Directory Traversal

Overview: serve-lite is a lightweight http-server for static file-based web development. Affected versions of this package are vulnerable to Directory Traversal because req.url is passed as-is to path.join, with no input sanitization or other checks and protections applied. PoC 1 Install the...

7.5 CVSS · 7.6 AI score · 0.01342 EPSS
Exploits 1 · References 2

GitLab Advisory Database
added 2022/07/06 12:0 a.m. · 39 views

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The leafInfo.match function in Beego v2.0.3 and below uses path.join to deal with wildcard values, which can lead to cross directory risk...

9.8 CVSS · 3 AI score · 0.01503 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2022/07/05 12:0 a.m. · 3 views

PT-2022-20952 · Beego · Beego

Name of the Vulnerable Software and Affected Versions: Beego versions 2.0.3 and below. Description: The leafInfo.match function uses path.join to deal with wildcard values, which can lead to cross directory risk. This issue affects the Beego framework, potentially allowing unauthorized access to...

9.8 CVSS · 9.2 AI score · 0.01503 EPSS
Exploits 1 · References 13

Positive Technologies
added 2022/04/29 12:0 a.m. · 4 views

PT-2022-16970 · Flask +1 · Flask +1

Name of the Vulnerable Software and Affected Versions: Piano LED Visualizer versions 1.3 and prior. Description: The issue concerns a path traversal attack. The os.path.join call is unsafe for use with untrusted input, as it ignores all parameters encountered before an absolute path and starts...

9.9 CVSS · 8.5 AI score · 0.08038 EPSS
Exploits 1 · References 8

CNNVD
added 2022/04/29 12:0 a.m. · 2 views

Piano LED Visualizer Security Vulnerability

Piano LED Visualizer is a piano playing software. A security vulnerability exists in Piano LED Visualizer version 1.3 and prior versions that stems from an insecure os.path.join when using untrusted input...

9.9 CVSS · 7.9 AI score · 0.08038 EPSS
Exploits 1 · References 6

OSV
added 2020/07/15 9:15 p.m. · 3 views

CVE-2020-15779

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...

7.5 CVSS · 7.1 AI score · 0.01581 EPSS
Exploits 1 · References 4