CVE-2022-31558

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in pypi/shiva

Identifiers

GHSA-qp72-96p2-g644, CVE-2022-31558

Package Slug

pypi/shiva

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

Affected Versions

All versions up to 0.10.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-07-26

source