CVE-2022-31525

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-31525

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31525.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-31525

Published

2022-07-11T00:55:54Z

Modified

2026-05-15T04:04:40.041271699Z

Summary

[none]

Details

The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "0.1.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31525.json",
    "cna_assigner": "mitre"
}

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31525.json
https://nvd.nist.gov/vuln/detail/CVE-2022-31525
https://github.com/github/securitylab/issues/669#issuecomment-1117265726

CVE-2022-31525

Affected packages