4 matches found

Positive Technologies
added 2026/04/08 12:0 a.m. | 2 views

PT-2026-31353

Summary: The upload filename sanitization introduced in GHSA-9ffm-fxg3-xrhh uses PurePosixPath(filename).name to strip path components. Since PurePosixPath only recognizes forward slashes (/) as path separators, an attacker can bypass this sanitization on Windows by using backslashes in the upload...

5.9 CVSS | 6.3 AI score | 0.00064 EPSS
Exploits 0 | References 5
Snyk
added 2026/02/02 10:26 p.m. | 2 views

Directory Traversal

Overview: signalk-server is an implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Directory Traversal via improper validation in the validateAppId function. An attacker can access arbitrary files and directories outside the intended directory by...

5.4 CVSS | 6.5 AI score | 0.00018 EPSS
Exploits 1 | References 2
RustSec
added 2024/05/22 12:0 p.m. | 4 views

Traversal outside working tree enables arbitrary code execution

Summary: During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details: Although gix-worktree-state checks for collisions with existing files, it does not...

8.8 CVSS | 8 AI score | 0.00364 EPSS
Exploits 0 | Affected Software 1
SUSE CVE
added 2023/02/15 4:29 a.m. | 1 views

SUSE CVE-2018-7212

An issue was discovered in rack-protection/lib/rack/protection/pathtraversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters...

5.3 CVSS | 7.1 AI score | 0.00205 EPSS
Exploits 0 | References 3