CVE-2023-50265 | morpheus65535 bazarr up to 1.3.0 /api/swaggerui/static send_file filename path traversal (GHSL-2023-192)

Inserito da Angelo Barbosa | Dic 16, 2023 | CVE

A vulnerability, which was classified as critical, has been found in morpheus65535 bazarr up to 1.3.0. This issue affects the function send_file of the file /api/swaggerui/static. The manipulation of the argument filename leads to path traversal.

The identification of this vulnerability is CVE-2023-50265. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-50265 | morpheus65535 bazarr up to 1.3.0 /api/swaggerui/static send_file filename path traversal (GHSL-2023-192)

Post correlati

CVE-2023-45193 | IBM DB2/DB2 Connect Server 11.5 Cursor denial of service (XFDB-268759)

CVE-2024-2663 | ZD YouTube FLV Player Plugin up to 1.2.6 on WordPress server-side request forgery

CVE-2024-7496 | itsourcecode Airline Reservation System 1.0 /index.php page file inclusion

CVE-2024-3276 | Lightbox & Modal Popup Plugin up to 2.7.27 on WordPress Setting cross site scripting