CVE-2022-31507
- Source
- https://cve.org/CVERecord?id=CVE-2022-31507
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31507.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-31507
- Aliases
- Published
- 2022-07-11T01:15:08.293Z
- Modified
- 2026-02-27T07:34:03.348041Z
- Severity
-
- 9.3 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- References
-
- https://github.com/ganga-devs/ganga/commit/730e7aba192407d35eb37dd7938d49071124be8c
- https://github.com/ganga-devs/ganga/releases/tag/8.5.10
- https://github.com/github/securitylab/issues/669#issuecomment-1117265726
- https://github.com/github/securitylab/issues/669#issuecomment-1117265726
- https://github.com/ganga-devs/ganga/commit/730e7aba192407d35eb37dd7938d49071124be8c
- https://github.com/ganga-devs/ganga/commit/730e7aba192407d35eb37dd7938d49071124be8c
- https://github.com/github/securitylab/issues/669#issuecomment-1117265726
Affected packages
Git / github.com/ganga-devs/ganga
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ganga-devs/ganga
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.0.0
5.*
5.4.TRUNK.BACKUP
6.*
6.1.10
6.1.11
6.1.12
6.1.13
6.1.14
6.1.15
6.1.16
6.1.17
6.1.18
6.1.19
6.1.20
6.1.21
6.1.22
6.1.23
6.1.24
6.1.25
6.2.0
6.2.1
6.2.2
6.2.3
6.3.0
6.3.1
6.4.0
6.5.0
6.5.1
6.5.2
6.6.0
6.6.1
6.6.2
6.6.3
6.6.4
6.7.0
6.7.1
6.7.2
6.7.3
6.7.4
7.*
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.1.0
7.1.1
7.1.11
7.1.12
7.1.13
7.1.14
7.1.15
7.1.2
7.1.3
7.1.4
7.1.5
7.1.6
7.1.7
7.1.8
7.1.9
8.*
8.0.0
8.0.1
8.0.2
8.0.3
8.1.0
8.2.0
8.2.1
8.2.2
8.2.3
8.2.4
8.3.0
8.3.1
8.3.2
8.3.3
8.4.3