High severity7.5NVD Advisory· Published Dec 26, 2020· Updated Jun 17, 2026
CVE-2020-35284
CVE-2020-35284
Description
Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Flamingo/Flamingodescription
Patches
Vulnerability mechanics
References
1- github.com/balloonwj/flamingo/issues/48nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.