Skip to content

Absolute Path Traversal due to incorrect use of send_file call

Critical
Epicus7 published GHSA-95jq-7f5x-v9x7 May 4, 2022

Package

Hub module (Flask)

Affected versions

commit< 4077b499a1ca213f3eb55b8321a4733d83531750

Patched versions

commit > f25543dfc62a9694d7e4f67eebfa45e3de916053

Description

See: #62

Severity

Critical

CVE ID

CVE-2022-31501

Weaknesses

Credits