PYSEC-2022-225

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/ganga/PYSEC-2022-225.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2022-225

Aliases

Published

2022-07-11T01:15:00Z

Modified

2023-11-08T04:09:30.981496Z

Summary

[none]

Details

The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

References

Affected packages

PyPI / ganga

Package

Name: ganga; View open source insights on deps.dev
Purl: pkg:pypi/ganga

Affected ranges

Type: GIT
Repo: https://github.com/ganga-devs/ganga
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

730e7aba192407d35eb37dd7938d49071124be8c

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.5.10

Affected versions

6.*

6.1.15

6.1.16

6.1.17

6.1.18

6.1.19

6.1.20

6.1.21

6.1.22

6.1.23

6.1.24

6.1.25

6.2.0

6.2.1

6.2.2

6.2.3

6.3.0

6.3.1

6.4.0

6.5.0

6.5.1

6.5.2

6.6.0

6.6.1

6.6.2

6.6.3

6.6.4

6.7.0

6.7.1

6.7.2

6.7.3

6.7.4

7.*

7.0.0

7.0.1

7.0.2

7.0.3

7.0.4

7.1.0

7.1.1

7.1.3

7.1.4

7.1.5

7.1.6

7.1.7

7.1.8

7.1.9

7.1.10

7.1.11

7.1.12

7.1.13

7.1.14

7.1.15

8.*

8.0.0

8.0.1

8.0.2

8.0.3

8.1.0

8.2.0

8.2.1

8.2.2

8.2.3

8.2.4

8.3.0

8.3.1

8.3.2

8.3.3

8.3.4rc0

8.3.4

8.3.5

8.4.0

8.4.1

8.4.2

8.4.4

8.4.5

8.4.6

8.4.7

8.4.8

8.5.0

8.5.1

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6

8.5.7

8.5.8

8.5.9

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/ganga/PYSEC-2022-225.yaml"