CVE-2023-50265 | morpheus65535 bazarr up to 1.3.0 /api/swaggerui/static send_file filename path traversal (GHSL-2023-192)

Inserito da Angelo Barbosa | Dic 16, 2023 | CVE

A vulnerability, which was classified as critical, has been found in morpheus65535 bazarr up to 1.3.0. This issue affects the function send_file of the file /api/swaggerui/static. The manipulation of the argument filename leads to path traversal.

The identification of this vulnerability is CVE-2023-50265. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-50265 | morpheus65535 bazarr up to 1.3.0 /api/swaggerui/static send_file filename path traversal (GHSL-2023-192)

Post correlati

CVE-2023-42924 | Apple macOS up to 13.6.2/14.1 access control (HT214036)

CVE-2023-31346 | AMD 3rd Gen EPYC Processors/4th Gen EPYC Processors SEV Firmware initialization

CVE-2023-43994 | makotoya mini-app on Line 13.6.1 Channel Access Token information disclosure

CVE-2023-52451 | Linux Kernel up to 6.7.1 on PowerPC memhp dlpar_memory_remove_by_index null pointer dereference