11 matches found
EUVD-2025-0018
Malicious code in bioql PyPI...
CVE-2024-56198
path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0...
@servable/manifest (>=1.15.0 <=1.34.1), @servable/parse-server-engine (>=1.0.2 <=1.9.2) +4 more potentially affected by CVE-2024-56198 via path-sanitizer (=2.0.0)
path-sanitizer NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on path-sanitizer and may be impacted: - @servable/manifest =1.15.0, =1.0.2, =1.0.0, =1.0.1, =1.0.2, =1.0.3 - generator-servable =1.14.0 Source cves: CVE-2024-56198 Source...
GHSA-94P5-R7CC-3RPR path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
Summary This is a POC for a path-sanitizer npm package. The filters can be bypassed and can result in path traversal. Payload: ..=%5c can be used to bypass this on CLI along with other candidates. Something similar would likely work on web apps as well. PoC Here's the code to test for the filter...
CVE-2024-56198
path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0...
CVE-2024-56198 path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0...
CVE-2024-56198 path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0...
CVE-2024-56198 path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0...
CVE-2024-56198
The CVE concerns the npm package path-sanitizer. Prior to version 3.1.0, its path-filtering can be bypassed with the sequence .=%5c, enabling path traversal. The vulnerability is fixed in 3.1.0. Affected software is the path-sanitizer package (node/npm), and the practical impact is potential acce...
path-sanitizer path traversal vulnerability
path-sanitizer is a simple lightweight npm package from the individual developers at Cabra. A path traversal vulnerability exists in path-sanitizer versions prior to 3.1.0. An attacker could use this vulnerability to access sensitive files or directories on the system...
Kubernetes: RCE on ingress-nginx-controller via Ingress spec.rules.http.paths.path field
A vulnerability was exploited that allowed arbitrary files to be written and executed on the ingress-nginx-controller pod through the manipulation of Ingress resource specifications. By configuring log formats and locations, malicious configurations could gain remote code execution capabilities o...