VYPR

PyPI package

weave

pkg:pypi/weave

Vulnerabilities (1)

  • CVE-2024-7340HigJul 31, 2024
    affected < 0.50.8fixed 0.50.8

    The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server