VYPR

PyPI package

lektor

pkg:pypi/lektor

Vulnerabilities (1)

  • CVE-2024-28335, Cri, Mar 27, 2024
    affected < 3.3.11, fixed 3.3.11

    Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the we