Описание
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system.
EPSS
Процентиль: 37%
0.0016
Низкий
7.5 High
CVSS3
Дефекты
CWE-35
Связанные уязвимости
CVSS3: 7.5
github
около 1 года назад
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system.
EPSS
Процентиль: 37%
0.0016
Низкий
7.5 High
CVSS3
Дефекты
CWE-35