An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md |
History
Thu, 14 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-13T00:00:00
Updated: 2024-11-14T14:29:05.946Z
Reserved: 2023-12-31T00:00:00
Link: CVE-2023-52289
Vulnrichment
Updated: 2024-08-02T22:55:41.263Z
NVD
Status : Modified
Published: 2024-01-13T04:15:08.240
Modified: 2024-11-21T08:39:31.370
Link: CVE-2023-52289
Redhat
No data.