To be vulnerable to the bypass, the application must use toolkit version URI (from views.py), allows attackers to write to arbitrary files.Īn issue was discovered in the flaskcode package through 0.0.8 for Python. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import. This occurs because the value of the gpg -use-embedded-filenames option is trusted.
ssh/id_rsa, may be disclosed to an attacker.
Diffoscope before 256 allows directory traversal via an embedded filename in a GPG file.
