EUVD-2022-52999

Malicious code in bioql PyPI...

Path Traversal

setupbox is vulnerable to path traversal. The vulnerability exists due to a lack of sanitization of the Flask sendfile function allowing an attacker to traverse through the directory via the path variable...

CVE-2022-31543

The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31543

The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

Path traversal

The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31543

CVE-2022-31543 affects the maxtortime/SetupBox repository up to version 1.0. The root cause is unsafe use of Flask’s send_file, enabling absolute path traversal. The vulnerability is described across multiple connected records (Red Hat, NVD, Veracode, OSV, CVE lists) as a path-traversal flaw in S...

SetupBox 路径遍历漏洞

SetupBox is a middleware for implementing your own storage cloud by Kim Taehwan, an individual developer in Korea. A security vulnerability exists in SetupBox version 1.0 and earlier versions, which stems from an incorrect call to Flask's sendfile function that results in absolute path traversal...