Lucene search
Veracode Vulnerability DatabaseVERACODE:36334HistoryJul 13, 2022 - 8:20 a.m.
Path Traversal
2022-07-1308:20:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
0.002 Low
EPSS
Percentile
54.6%
opendiamond is vulnerable to path traversal. The vulnerability exists due to a lack of sanitization of the Flask send_file function allowing an attacker to traverse through the directory via the obj_path.
| CPE | Name | Operator | Version |
|---|---|---|---|
| opendiamond | le | 10.1.1 | |
| opendiamond | le | 10.1.1 |
References
github.com/cmusatyalab/opendiamond/blob/7ded6b5d243fee3f56c978fc37638f9691e8dfec/opendiamond/dataretriever/augment_store.py#L164
github.com/cmusatyalab/opendiamond/commit/398049c187ee644beabab44d6fece82251c1ea56
github.com/cmusatyalab/opendiamond/issues/52
github.com/github/securitylab/issues/669#issuecomment-1117265726
Related
osv
osv
SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely
2022-07-12 00:00:57
CVE-2022-31506
2022-07-11 01:15:08
prion
prion
Path traversal
2022-07-11 01:15:00
cvelist
cvelist
CVE-2022-31506
2022-07-11 00:54:01
github
github
nvd
nvd
CVE-2022-31506
2022-07-11 01:15:08
cve
cve
CVE-2022-31506
2022-07-11 01:15:08