cve/CVE-2023-35844.md at b8bb3913ae5ed6689c69f4d953bda7435b2f2da7

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49

2024-05-28 08:49:17 +00:00

858 B

Raw Blame History

CVE-2023-35844

Description

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

POC

Reference

https://advisory.dw1.io/59

Github

https://github.com/Lserein/CVE-2023-35844
https://github.com/Szlein/CVE-2023-35844
https://github.com/izj007/wechat
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/rat857/AtomsPanic
https://github.com/whoami13apt/files2

858 B Raw Blame History

CVE-2023-35844

Description

POC

Reference

Github

858 B

Raw Blame History