3 matches found
CVE-2026-35397
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...
GHSA-MXW3-3HH2-X2MH Rack has a Directory Traversal via Rack:Directory
Summary Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Details In directory.rb,...
Rack has a Directory Traversal via Rack:Directory
Summary Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Details In directory.rb,...