VYPR

Gladys

by Gladysassistant

Source repositories

CVEs (2)

  • CVE-2024-47210HigSep 21, 2024
    risk 0.50cvss 8.8epss 0.01

    Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.

  • CVE-2023-43256Sep 25, 2023
    risk 0.00cvss epss 0.01

    A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.