Directory Traversal
Overview: serve-lite is a lightweight http-server for static file-based web development. Affected versions of this package are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections applied to the req.url, which is passed as-is to path.join. PoC 1 Install the...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The leafInfo.match function in Beego v2.0.3 and below uses path.join to deal with wildcard values which can lead to cross directory risk...
PT-2022-20952 · Beego · Beego
Name of the Vulnerable Software and Affected Versions: Beego versions 2.0.3 and below. Description: The leafInfo.match function uses path.join to deal with wildcard values, which can lead to cross directory risk. This issue affects the Beego framework, potentially allowing unauthorized access to...
PT-2022-16970 · Flask +1 · Flask +1
Name of the Vulnerable Software and Affected Versions: Piano LED Visualizer versions 1.3 and prior. Description: The issue concerns a path traversal attack. The os.path.join call is unsafe for use with untrusted input, as it ignores all parameters encountered before an absolute path and starts...
Piano LED Visualizer Security Vulnerability
Piano LED Visualizer is a piano playing software. A security vulnerability exists in Piano LED Visualizer version 1.3 and prior versions that stems from an insecure os.path.join when using untrusted input...
CVE-2020-15779
A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...