Absolute Path Traversal in Helm Flask Celery Repository by Olmax99
CVE-2022-31549

9.3CRITICAL

Key Information:

Vendor

Helm-flask-celery Project

Status
Helm-flask-celery
Vendor
CVE Published:
11 July 2022

What is CVE-2022-31549?

A vulnerability exists in the Helm Flask Celery repository by Olmax99, where the use of the Flask 'send_file' function without proper safeguards allows for absolute path traversal. This flaw could enable unauthorized access to server files, leading to potential data exposure. Developers utilizing this repository should be aware of this issue and update to the fixed version released after May 25, 2022 to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/github/securitylab/issues/669#issuecom...
x_refsource_MISC
https://github.com/olmax99/helm-flask-celery/commit/28c98...
x_refsource_MISC

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.