GHSA-r49h-6qxq-624f: Weave server API vulnerable to arbitrary file leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.


High severity • GitHub Reviewed • Published Jul 31, 2024 to the GitHub Advisory Database • Updated Jul 31, 2024
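
An added illustration of the class of flaw described above, not Weave's code: a hypothetical file-serving helper that joins client input to a served directory without validation, beside a resolver that checks containment after resolving `..` segments and symlinks. All function names, paths and file contents are constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def naive_read(root: Path, requested: str) -> str:
    # Flawed pattern: client input is joined to the served directory with no
    # validation, so ".." segments, absolute paths and symlinks all escape it.
    return Path(os.path.normpath(os.path.join(root, requested))).read_text()


def safe_read(root: Path, requested: str) -> str:
    # Resolve ".." and symlinks first, then require the result to stay in root.
    root_real = root.resolve(strict=True)
    candidate = (root_real / requested).resolve(strict=False)
    if not candidate.is_relative_to(root_real):
        raise PermissionError(f"outside served directory: {requested!r}")
    return candidate.read_text()


def demo() -> dict:
    # Constructed layout: base/files is served, base/secret.txt must not be.
    base = Path(tempfile.mkdtemp()).resolve()
    root = base / "files"
    root.mkdir()
    (root / "report.txt").write_text("public")
    (base / "secret.txt").write_text("private")
    os.symlink(base / "secret.txt", root / "link.txt")  # symlink leaving root
    requests = ["report.txt", "sub/../report.txt", "../secret.txt",
                str(base / "secret.txt"), "link.txt"]
    results = {}
    for name in requests:
        try:
            allowed = safe_read(root, name)
        except PermissionError:
            allowed = None  # rejected by the containment check
        results[name] = (naive_read(root, name), allowed)
    return results


if __name__ == "__main__":
    for name, (naive, safe) in demo().items():
        print(f"{name!r}: naive={naive!r} safe={safe!r}")
```

The containment check runs on the fully resolved path, so a `..` that stays inside the served directory is still allowed while a symlink pointing outside it is rejected.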
