33 matches found
CVE-2024-49770
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...
UBUNTU-CVE-2024-4982
A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server...
CVE-2024-4982 Pagure: path traversal in view_issue_raw_file()
A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server...
CVE-2024-8238
CVE-2024-8238 affects aimhubio/aim v3.22.0 where AimQL uses an outdated safer_getattr() from RestrictedPython, failing to block str.format_map() and allowing access to arbitrary Python attributes (e.g., os.environ) and potential unrestricted code execution if a malicious .dll/.so is loaded. Multi...
CVE-2024-57727
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...
CVE-2024-57727
CVE-2024-57727 affects SimpleHelp RMM
Path traversal in oak allows transfer of hidden files within the served root directory
Summary By default oak does not allow transferring of hidden files with Context.send API. However, this can be bypassed by encoding / as its URL encoded form %2F. Details 1. Oak uses decodeComponent which seems to be unexpected. This is also the reason why it is not possible to access a file that...
CVE-2024-49770 oak's path traversal allows transfer of hidden files within the served root directory
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...
CVE-2024-49770 oak's path traversal allows transfer of hidden files within the served root directory
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...
oak 安全漏洞
oak is a middleware framework from oak open source. A security vulnerability exists in oak versions prior to 17.1.3. An attacker exploiting the vulnerability can read sensitive user data or gain access to server secrets...
PT-2024-33679 · Oak · Oak
Name of the Vulnerable Software and Affected Versions: oak versions prior to 17.1.3 Description: The issue allows an attacker to bypass the default restriction on transferring hidden files using the Context.send API by encoding / as its URL encoded form %2F. This can potentially lead to reading...
SUSE CVE-2024-4982
A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server...
PT-2022-27007 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS formerly concrete5 versions below 8.5.10 Concrete CMS formerly concrete5 versions between 9.0.0 and 9.1.2 Description: The issue inadvertently discloses server-side sensitive information, including secrets in environment variable...