The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00309}

epss

{'score': 0.00461}


Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00115}

epss

{'score': 0.00309}


Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00097}

epss

{'score': 0.00115}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-07-11T00:54:54

Updated: 2024-08-03T07:19:06.087Z

Reserved: 2022-05-23T00:00:00

Link: CVE-2022-31515

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-07-11T01:15:08.617

Modified: 2024-11-21T07:04:37.563

Link: CVE-2022-31515

cve-icon Redhat

No data.