CVE-2022-31573
Description
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ChainerRL Visualizer before 0.1.2 suffers from absolute path traversal due to unsafe Flask send_file, allowing arbitrary file read.
Vulnerability
CVE-2022-31573 describes an absolute path traversal vulnerability in the ChainerRL Visualizer, a tool for visualizing reinforcement learning agents. The issue stems from the unsafe use of Flask's send_file function, which does not properly sanitize user-supplied paths, enabling an attacker to access files outside the intended directory [1][2].
Exploitation
An attacker can exploit this by sending crafted HTTP requests to the Flask server, likely without authentication, as the application does not appear to implement access controls [1]. The attacker can specify absolute paths (e.g., /etc/passwd) to retrieve arbitrary files from the server's filesystem [2].
Impact
Successful exploitation allows an attacker to read sensitive files, including configuration files, source code, or system secrets, potentially leading to further compromise of the host system [2][3]. The vulnerability affects all versions of the repository up to and including 0.1.1 [1].
Mitigation
As of the publication date, no official patch has been released for this vulnerability. The only mitigation is to avoid exposing the Visualizer to untrusted networks or to restrict access to trusted users [3].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
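The path handling described under "Vulnerability", as an added example that is not code from the chainerrl-visualizer project (the page does not show the project's source). `naive_resolve`, `safe_resolve` and `demo` are hypothetical names, and the directory layout is constructed in a temporary directory.

```python
import os
import tempfile

def naive_resolve(base_dir, user_path):
    """Assumed illustration of the bug class: join, then serve unchecked."""
    # os.path.join discards base_dir entirely when user_path is absolute.
    return os.path.join(base_dir, user_path)

def safe_resolve(base_dir, user_path):
    """Return a real path inside base_dir, or None if the request escapes it."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        return None
    if not inside or not os.path.isfile(candidate):
        return None
    return candidate

def demo():
    """Build a constructed directory layout and resolve sample requests."""
    root = os.path.realpath(tempfile.mkdtemp())
    served = os.path.join(root, "results")      # directory meant to be served
    os.makedirs(served)
    secret = os.path.join(root, "secret.txt")   # constructed file outside it
    for path, text in ((os.path.join(served, "log.json"), "{}"), (secret, "s")):
        with open(path, "w") as fh:
            fh.write(text)
    # Constructed request values: in-tree name, absolute path, "..", missing file.
    requests = ["log.json", secret, "../secret.txt", "missing.json"]
    return {
        "naive": [naive_resolve(served, r) for r in requests],
        "safe": [safe_resolve(served, r) for r in requests],
        "secret": secret,
        "served": served,
    }

if __name__ == "__main__":
    out = demo()
    for n, s in zip(out["naive"], out["safe"]):
        print(f"naive={n!r}  safe={s!r}")
```

In a Flask application, `flask.send_from_directory` applies this kind of containment to the requested name before the file is served.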
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| chainerrl-visualizer (PyPI) | <= 0.1.1 | — |
Affected products
- chainer/chainerrl-visualizer (description)
- Range: <=0.1.1
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-687h-86vc-5x59 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-31573 (ghsa, ADVISORY)
- github.com/github/securitylab/issues/669 (ghsa, x_refsource_MISC, WEB)