CVE-2022-31571
https://notcve.org/view.php?id=CVE-2022-31571
The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. El repositorio akashtalole/python-flask-restful-api versiones hasta 16-09-2019 en GitHub, permite un salto de ruta absoluto porque la función send_file de Flask es usada de forma no segura • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-31550
https://notcve.org/view.php?id=CVE-2022-31550
The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. El repositorio olmax99/pyathenastack versiones hasta 08-11-2019 en GitHub, permite un salto de ruta absoluto porque la función send_file de Flask es usada de forma no segura • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-31518
https://notcve.org/view.php?id=CVE-2022-31518
The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. El repositorio JustAnotherSoftwareDeveloper/Python-Recipe-Database versiones hasta 31-03-2021 en GitHub, permite un salto de ruta absoluto porque la función send_file de Flask es usada de forma no segura • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-31516
https://notcve.org/view.php?id=CVE-2022-31516
The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. El repositorio Harveyzyh/Python versiones hasta 04-05-2022 en GitHub, permite un salto de ruta absoluto porque la función send_file de Flask es usada de forma no segura • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-46823
https://notcve.org/view.php?id=CVE-2021-46823
python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. python-ldap versiones anteriores a 3.4.0, es vulnerable a una denegación de servicio cuando es usado ldap.schema para definiciones de esquemas que no son confiables, debido a un fallo de denegación de servicio de expresiones regulares (ReDoS) en el analizador de esquemas LDAP. Al enviar una entrada regex diseñada, un atacante remoto autenticado podría explotar esta vulnerabilidad para causar una condición de denegación de servicio • https://exchange.xforce.ibmcloud.com/vulnerabilities/221507 https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm • CWE-1333: Inefficient Regular Expression Complexity •