3 matches found
CVE-2026-33528
GoDoxy contains a path traversal vulnerability in its file content API: HTTP request to /api/v1/file/content with a crafted filename parameter can bypass validation and cause access outside the intended config directory by exploiting how the path is joined with ConfigBasePath. An authenticated at...
AZL-7224 CVE-2021-37622 affecting package exiv2 for versions less than 0.27.5-1
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacke...
PT-2021-6461 · Exiv2 +6 · Exiv2 +6
Name of the Vulnerable Software and Affected Versions: Exiv2 versions prior to v0.27.5 Description: The issue is related to an assertion failure when Exiv2 is used to modify the metadata of a crafted image file, potentially allowing an attacker to cause a denial of service. This bug is only...