2 matches found
Directory Traversal
Overview compliance-trestle is a Tools to manage & autogenerate python objects representing the OSCAL layers/models Affected versions of this package are vulnerable to Directory Traversal via the profile import mechanism. An attacker can read arbitrary files on the server filesystem by supplying ...
PT-2026-44729
Name of the Vulnerable Software and Affected Versions compliance-trestle version 4.0.2 Description The profile import mechanism in the compliance-trestle library fails to perform boundary checks when resolving trestle:// URIs and relative file paths. By joining these paths with trestle root and...