CVE-2022-31533

The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

SupremeBot and Mario cross the finish line together

Researchers have reported how popular game installers like Super Mario Games are being used to deliver malware. The malicious components include cryptominers, the SupremeBot mining client, and the open-source Umbral stealer. The game installers route offers some very distinct advantages to the...

CVE-2022-31533

The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31533

The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31533

The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2022-31533

The CVE-2022-31533 entry concerns the decentraminds/umbral repository up to 2020-01-15, where an absolute path traversal vulnerability arises from an unsafe use of Flask’s send_file. The connected Red Hat CVE entry, NVD/NIST record, and CNNVD/CVE lists corroborate that the issue is tied to path t...

umbral 路径遍历漏洞

umbral is a NuCypher API open-sourced by decentraminds.ai for applying proxy re-encryption on decentralized marketplaces. A security vulnerability exists in umbral version 2020-01-15 and earlier, which stems from an incorrect call to Flask's sendfile function resulting in absolute path traversal...