7 matches found
Path Traversal
org.noear:solon-web-staticfiles is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied file paths in StaticMappings.java, allowing an attacker to access arbitrary files using "../filedir"...
com.easy-flowable:easy-flowable-solon-plugin (>=1.0.0 <=1.0.2), com.luomor.pcsms:pcsms-solon-plugin-example (>=1.0.0 <=1.0.1) +17 more potentially affected by CVE-2025-1584 via org.noear:solon-web-staticfiles (>=3.0.0-M1 <=3.0.9-M2)
org.noear:solon-web-staticfiles MAVEN version =3.0.0-M1, =1.0.0, =1.0.0, =2024.3.0, =1.3.0, =20250107, =3.3.4, =1.8.4, =1.3.1, =1.7.8, =1.9.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.10-M1 and more. Source cves: CVE-2025-1584. Source advisory: SNYK:JAVA-ORGNOEAR-8745976...
com.easy-flowable:easy-flowable-solon-plugin (>=1.0.0 <=1.0.2), com.luomor.pcsms:pcsms-solon-plugin-example (>=1.0.0 <=1.0.1) +17 more potentially affected by CVE-2025-1584 via org.noear:solon-web-staticfiles (>=2.9.2-M1 <=3.0.9-M2)
org.noear:solon-web-staticfiles MAVEN version =2.9.2-M1, =1.0.0, =1.0.0, =2024.3.0, =1.3.0, =20250107, =3.3.4, =1.8.4, =1.3.1, =1.7.8, =1.8.0, =2.9.2, =2.9.2, =2.9.2, =2.9.2, =3.0.10-M1 and more. Source cves: CVE-2025-1584. Source advisory: OSV:GHSA-X8Q6-CCHR-P7M6...
Fedora 37 : python-starlette (2023-b082504356)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b082504356 advisory. Backport patch for GHSA-v5gw-mw7f-84px Path traversal vulnerability in StaticFiles. Tenable has extracted the preceding description block directly from the...
Path Traversal
starlette is vulnerable to Path Traversal. A remote attacker is able to gain access to sensitive files when the file or directory is exposed via StaticFiles. The vulnerability is exploitable if the file or directory starts with the same name as the StaticFiles directory...
GHSA-V5GW-MW7F-84PX Starlette has Path Traversal vulnerability in StaticFiles
Summary: When using StaticFiles, if there's a file or directory that starts with the same name as the StaticFiles directory, that file or directory is also exposed via StaticFiles, which is a path traversal vulnerability. Details: The root cause of this issue is the usage of os.path.commonprefix:...
Starlette has Path Traversal vulnerability in StaticFiles
Summary: When using StaticFiles, if there's a file or directory that starts with the same name as the StaticFiles directory, that file or directory is also exposed via StaticFiles, which is a path traversal vulnerability. Details: The root cause of this issue is the usage of os.path.commonprefix:...