CVE-2022-31507

The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31519

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31503

The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31516

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31518

The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31517

The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31512

The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

Path traversal

The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

Path traversal

The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31563

CVE-2022-31563 affects the whmacmac/vprj repository (up to 2022-04-06). It is due to an unsafe use of Flask send_file, enabling absolute path traversal. NVD/V3.1 metrics indicate a high-severity impact with confidentiality loss (C:H) and a base score of 9.3, network attack vector, no privileges r...

CVE-2022-31504

The ChangeWeDer/BaiduWenkuSpiderflaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

cilantro 路径遍历漏洞

cilantro is an open source task runner from Deutsches Archäologisches Institut in Germany. Designed to manage long running distributed jobs that operate on file system objects . cilantro version 0.0.4 and earlier versions of a security vulnerability , the vulnerability stems from Flask's sendfile...

anuvaad-corpus 路径遍历漏洞

anuvaad-corpus is a Sunbird-AI open source anuvaad translation system. anuvaad-corpus 2020-11-23 and earlier versions have a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in a resource or file path, which could be exploited...

ModelConverter 路径遍历漏洞

ModelConverter is a repository for ml-inory individual developers. It is used to convert models. A security vulnerability exists in ModelConverter version 2021-04-26 and earlier, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...

syrabond 路径遍历漏洞

syrabond is an MQTT-based smart home system. A security vulnerability exists in syrabond version 2020-05-25 and earlier, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...

ChangePop-Back 路径遍历漏洞

ChangePop-Back is an open source unizar-30226-2019-06 library for ChangePop-Back. ChangePop-Back has a security vulnerability in 2019-06-04 and earlier versions that stems from an unsafe use of Flask's sendfile function that allows absolute path traversal...

cockybook 路径遍历漏洞

cockybook is a simple book sharing service on opds server by Leo, an individual developer in China. A security vulnerability exists in cockybook, which stems from an insecure use of the Flask sendfile function...

munhak-moa 路径遍历漏洞

munhak-moa is a literary platform for woduq1414 individual developers. A security vulnerability exists in munhak-moa, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...

Sphere_ImageBackend 路径遍历漏洞

SphereImageBackend is an image processing repository by the individual developer Varij Kapil in Germany. A security vulnerability exists in SphereImageBackend version 2019-10-03 and earlier, which stems from an incorrect call to Flask's sendfile function leading to absolute path traversal...

flask-yeoman 路径遍历漏洞

flask-yeoman is a Flask blueprint by Thomas Sileo, a French personal developer. It makes creating web applications with Yeoman and Flask a breeze. A security vulnerability exists in flask-yeoman version 2013-09-13 and earlier, which stems from an incorrect call to Flask's sendfile function that...