Lucene search
Veracode Vulnerability DatabaseVERACODE:40319HistoryApr 27, 2023 - 3:27 p.m.
Path Traversal
2023-04-2715:27:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
path traversal
pretalx
vulnerability
export_schedule_html.py
arbitrary files
crafted html documents
security
0.001 Low
EPSS
Percentile
48.8%
pretalx is vulnerable to Path Traversal. The vulnerability exists in export_schedule_html.py which allows an attacker to read arbitrary files by uploading crafted html documents.
References
github.com/advisories/GHSA-wh3w-jcc7-mhmf
github.com/pretalx/pretalx/commit/1f58cdd6b200db2418991928936e4dfcdd3d882e
github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890
github.com/pretalx/pretalx/releases/tag/v2.3.2
pretalx.com/p/news/security-release-232/
www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/
Related
osv
osv
PYSEC-2023-41
2023-04-20 21:15:00
pretalx vulnerable to path traversal in HTML export
2023-04-20 21:33:27
CVE-2023-28459
2023-04-20 21:15:08
nvd
nvd
CVE-2023-28459
2023-04-20 21:15:08
prion
prion
Path traversal
2023-04-20 21:15:00
github
github
pretalx vulnerable to path traversal in HTML export
2023-04-20 21:33:27
cve
cve
CVE-2023-28459
2023-04-20 21:15:08
cvelist
cvelist
CVE-2023-28459
2023-04-20 00:00:00