Lucene search
Veracode Vulnerability DatabaseVERACODE:40318HistoryApr 27, 2023 - 2:30 p.m.
Path Traversal
2023-04-2714:30:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
pretalx
software
path traversal
html export
0.001 Low
EPSS
Percentile
45.7%
pretalx is vulnerable to Path Traversal. The vulnerability exists in the HTML export feature in export_schedule_html.py which allows an attacker to overwrite arbitrary files.
References
github.com/advisories/GHSA-23fx-92m6-4f2g
github.com/pretalx/pretalx/commit/1f58cdd6b200db2418991928936e4dfcdd3d882e
github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890
github.com/pretalx/pretalx/releases/tag/v2.3.2
pretalx.com/p/news/security-release-232/
www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/
Related
cve
cve
CVE-2023-28458
2023-04-20 21:15:08
github
github
pretalx allows path traversal in HTML export
2023-04-20 21:33:27
prion
prion
Path traversal
2023-04-20 21:15:00
osv
osv
CVE-2023-28458
2023-04-20 21:15:08
pretalx allows path traversal in HTML export
2023-04-20 21:33:27
PYSEC-2023-40
2023-04-20 21:15:00
nvd
nvd
CVE-2023-28458
2023-04-20 21:15:08
cvelist
cvelist
CVE-2023-28458
2023-04-20 00:00:00