Advisories for Pypi/Codechecker package

2024

CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine.

2022

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

In Ericsson CodeChecker, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.