146 matches found
CVE-2022-31511
The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31508
CVE-2022-31508 affects the idayrus/evoting repository prior to 2022-05-08. The vulnerability arises from unsafe use of Flask’s send_file, enabling absolute path traversal that could allow access to arbitrary files/directories on the file system. NVD CVSSv3.1 base score 9.3 (CRITICAL) with network...
CVE-2022-31507
CVE-2022-31507 affects the ganga-devs/ganga repository prior to 8.5.10. The vulnerability is an absolute path traversal caused by unsafe use of Flask send_file, enabling access to unintended files via absolute paths. Documentation from Red Hat, GHSA, OSV, and Veracode-affiliated entries consisten...
CVE-2022-31505
The CVE-2022-31505 entry covers a path traversal vulnerability in the open-source repository cheo0/MercadoEnLineaBack, present through 2022-05-04. Affected component: the server-side Flask application’s use of send_file, which is described as unsafe and leads to absolute path traversal. This coul...
CVE-2022-31502
CVE-2022-31502 is a path-traversal vulnerability in the operatorequals/wormnest repository up to version 0.4.7, caused by unsafe use of Flask send_file that enables absolute path traversal. The issue is documented across multiple sources (NVD, Red Hat, OSV, etc.), with the core detail that an atta...
CVE-2022-24900
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Versions 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...