6 matches found
CVE-2022-31509
The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31509
The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31509
The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31509
CVE-2022-31509 affects the repository iedadata/usap-dc-website (version ≤ 1.0.1). The vulnerability is an absolute path traversal created by unsafe use of Flask’s send_file function, enabling traversal of server filesystem paths. The issue is documented across multiple sources (NVD, Red Hat, OSV,...
CVE-2022-31509
The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
usap-dc-website 路径遍历漏洞
usap-dc-website is an open source repository for usap-dc website by Interdisciplinary Earth Data Alliance. It includes a javascript client application and a python/flask server. A path traversal vulnerability exists in usap-dc-website version 1.0.1, which stems from insecure use of the Flask...