Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2022-07-11 CVE-2022-31543 Path Traversal vulnerability in Setupbox Project Setupbox 1.0
The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
setupbox-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31544 Path Traversal vulnerability in Xtomo Robo-Tom
The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
xtomo CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31545 Path Traversal vulnerability in Modelconverter Project Modelconverter 20210426
The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
modelconverter-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31546 Path Traversal vulnerability in Glance Project Glance 20140627
The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
glance-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31547 Path Traversal vulnerability in Sphere Project Sphere 20200531
The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
sphere-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31548 Path Traversal vulnerability in Homepage Project Homepage 20170306
The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
homepage-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31549 Path Traversal vulnerability in Helm-Flask-Celery Project Helm-Flask-Celery
The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
helm-flask-celery-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31550 Path Traversal vulnerability in Python Athena Stack Project Python Athena Stack 20191108
The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
python-athena-stack-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31551 Path Traversal vulnerability in Flask-Mongo-Skel Project Flask-Mongo-Skel 20121101
The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
flask-mongo-skel-project CWE-22
critical
 9.3
9.3
2022-07-11 CVE-2022-31552 Path Traversal vulnerability in Anuvaad-Corpus Project Anuvaad-Corpus 20201123
The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
network
low complexity
anuvaad-corpus-project CWE-22
critical
 9.3
9.3