Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-c8f7-x2g7-7fxj: All source code and data in extensions folder is publicly available

Impact

All of the source code, files, and folders in phoenix_files/extensions/ are available to end users through a simple HTTP GET request.

Patches

The issue has been patched. The users of version 1.0.6 and above are not effected.

ghsa
Open in Source

Package

pip phoenix-ws (pip )

Affected versions

< 1.0.6

Description

Impact

All of the source code, files, and folders in phoenix_files/extensions/ are available to end users through a simple HTTP GET request.

Patches

The issue has been patched. The users of version 1.0.6 and above are not effected.

References

  • GHSA-c8f7-x2g7-7fxj

Severity

CVSS base metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses

GHSA ID

GHSA-c8f7-x2g7-7fxj

Source code

Improvements are not currently accepted on this advisory because it uses an unsupported versioning operator. Read more and discuss here.

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution
ghsa