2 matches found
CVE-2023-52289
The CVE-2023-52289 entry affects the Python package flaskcode up to version 0.0.8. Affected component: the /update-resource-data/ endpoint (views.py) in Flaskcode. Root cause: unauthenticated directory traversal that allows writing to arbitrary files. Impact: high, via a network-exposed POST requ...
CVE-2023-52288
The CVE-2023-52288 entry concerns the Flaskcode package for Python (versions up to 0.0.8). The vulnerability is an unauthenticated directory traversal that can be exploited via a GET request to /resource-data/.txt (from views.py), enabling reading of arbitrary files on the server. Connected advis...