Unrated severityNVD Advisory· Published Jul 11, 2022· Updated Aug 3, 2024
CVE-2022-31502
CVE-2022-31502
Description
The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Affected products
2- operatorequals/wormnestdescription
- Range: <=0.4.7
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/github/securitylab/issues/669mitrex_refsource_MISC
- github.com/operatorequals/wormnest/commit/2dfe96fc2570586ac487b399ac20d41b3c114861mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.