CVE-2022-31558
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in pypi/shiva
Identifiers
GHSA-qp72-96p2-g644, CVE-2022-31558
Package Slug
pypi/shiva
Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Affected Versions
All versions up to 0.10.0
Solution
Unfortunately, there is no solution available yet.
Last Modified
2022-07-26
| source |