GHSA-qp72-96p2-g644, CVE-2022-31558
pypi/shiva
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
All versions up to 0.10.0
Unfortunately, there is no solution available yet.
2022-07-26
source |