CVE-2022-31539

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-31539

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31539.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31539

Published

2022-07-11T01:15:09.567Z

Modified

2025-11-28T12:28:36.390420Z

Severity

9.3 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L CVSS Calculator

Summary

[none]

Details

The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

References

https://github.com/github/securitylab/issues/669#issuecomment-1117265726

Affected packages

Git / github.com/kotekan/kotekan

Affected ranges

Type: GIT
Repo: https://github.com/kotekan/kotekan
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

f97998b79bb057668de62ced820273c3f5a5fd27

Affected versions

2018.*

2018.07

2018.08

2018.08a

2018.10

2018.11

2018.12

2018.12a

2018.12b

2019.*

2019.03

2019.05

2019.07

2019.08

2019.10

2019.10a

2019.12

2019.12a

2019.12b

2020.*

2020.04

2020.04a

2020.06

2020.06a

2020.06b

2020.06c

2020.10

2020.11

2020.11a

2020.11b

2021.*

2021.03

2021.03a

2021.03b

2021.10

2021.11

2021.11a

2021.11b

2021.11c

2021.11d

2021.11e

Other

ARO_apr2017

aro_aug2016

aro_deployed_2020sep

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31539.json"