31 matches found
Directory Traversal
Overview emmett is a The web framework for inventors Affected versions of this package are vulnerable to Directory Traversal via the RSGI static handler for internal assets. An attacker can access arbitrary files outside the intended directory by sending specially crafted requests containing...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the static file handler when it serves GET responses without consuming the request body. An attacker can inject and have the server process unintended HTTP requests by embedding arbitrary HTTP requests inside...
CVE-2026-32020
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...
OpenClaw backlink vulnerability (CNVD-2026-14859)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability, which is caused by a flaw in the static file handler following a symbolic link. An attacker can exploit the vulnerability to read arbitrary files outside the root directory...
CVE-2026-32020
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...
CVE-2026-32020
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...
CVE-2026-32020 OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...
CVE-2026-32020
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...
EUVD-2026-13288
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...
CVE-2026-32020 OpenClaw < 2026.2.22 - Arbitrary File Read via Symlink Following in Static File Handler
OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...
CVE-2026-32020
OpenClaw is affected in versions prior to 2026.2.22 by a path traversal vulnerability in the static file handler that follows symbolic links, allowing reads of files outside the intended root when symlinks are placed under the Control UI root directory. The underlying issue is directory confineme...
EUVD-2022-39762
Malicious code in bioql PyPI...
EUVD-2023-0727
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-36565
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the...
Exploit for CVE-2025-45781
π Kemal Framework 1.6.0 Path Traversal Vulnerability CVE-2025...
Arbitrary File Access
@graphql-mesh is vulnerable to Arbitrary File Access. The vulnerability is due to a missing validation check in the static file handler, which fails to restrict absolutePath to the designated staticFiles directory, allows attackers to access files outside the intended directory...
CVE-2025-27098 Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler in graphql-mesh
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...
CVE-2025-27098 Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler in graphql-mesh
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...
CVE-2025-27098
GraphQL Mesh exposes a path traversal vulnerability in its staticFiles handler. When serve.staticFiles is configured, the code path does not reliably constrain absolutePath to the staticFiles directory, allowing access to files outside the intended directory. Affects GraphQL Mesh and related CLI/...
graphql-mesh θ·―εΎιεζΌζ΄
graphql-mesh is an application by Arda TANRIKULU Individual Developer. A path traversal vulnerability exists in graphql-mesh, which stems from a lack of checks in the static file handler that could lead to arbitrary file reads and leak server data...