An issue exists in the flaskcode package up to and including 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows malicious users to read arbitrary files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sujeetkv flaskcode |