WhisperX tag archive

#path_traversal

This page collects WhisperX intelligence signals tagged #path_traversal. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (6)

The Lab · 2026-04-03 15:27:03 · GitHub Issues

1. SBOM Task Functions Contain Critical Path Traversal Vulnerability, Exposing Cross-Project File Access

A critical security vulnerability has been identified in four key SBOM (Software Bill of Materials) task functions within the codebase. The functions `generate_sbom`, `score_tool`, `score_attestation`, and `score_osv` directly use user-supplied `args.file_path` and `args.revision_number` to construct file system paths ...

The Lab · 2026-04-12 23:22:32 · GitHub Issues

2. ImageMagick Policy Bypass Exposed: Magick.NET-Q16-AnyCPU Requires Urgent Update to Patch High-Severity Path Traversal Flaw (CVSS 8.6)

A high-severity vulnerability in the widely used ImageMagick library has been exposed, requiring prompt action from developers using the Magick.NET-Q16-AnyCPU package. The flaw, rated CVSS 8.6 (in the High band, not Critical), is a policy bypass that allows attackers to perform path traversal, potentially reading restricted ...

The Lab · 2026-04-13 02:22:29 · GitHub Issues

3. MemPalace Security Audit Exposes High-Risk Data Deletion Flaw

A security audit of the MemPalace codebase has uncovered critical vulnerabilities, with a high-risk path traversal flaw posing a direct threat of irreversible data loss. The audit report details how the `mempalace migrate` and `mempalace repair` commands can be exploited to delete entire directories, including a user's...

The Lab · 2026-04-15 18:23:07 · GitHub Issues

4. Linux Profile Tool Vulnerability: `setup_delete` Allows Arbitrary File Deletion Without Confirmation

A critical vulnerability in the Linux Profile tool allows an attacker to delete arbitrary files on the filesystem without any confirmation or safety checks. The flaw resides in the `Profile.setup_delete` method, which calls `.unlink()` on a user-supplied path. This method performs no secondary verification to ensure th...
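The SBOM task functions (item 1) and the Linux Profile `setup_delete` method (item 4) describe the same root cause: a user-supplied path fragment is joined onto a trusted base directory and then used directly, for reading in one case and for `.unlink()` in the other. The Python below is an added illustration, not code from either project; the function names, the `<base>/<revision>/<file>` layout and the scratch files are hypothetical, and it assumes a POSIX filesystem because it creates a symlink.

```python
import os
import shutil
import tempfile
from pathlib import Path


def vulnerable_build_path(base: str, file_path: str, revision_number: str) -> Path:
    """Vulnerable pattern (hypothetical): user input joined onto base unchecked.
    os.path.join keeps '..' segments and discards `base` entirely when a later
    component is absolute, so "../../x" and "/etc/passwd" both leave `base`."""
    return Path(os.path.join(base, revision_number, file_path))


def safe_build_path(base: str, file_path: str, revision_number: str) -> Path:
    """Hardened builder: numeric revision, relative file_path, containment check.
    The check runs on the fully resolved path, so symlinks inside base that point
    outside it are caught as well as '..' segments."""
    if not (revision_number.isascii() and revision_number.isdigit()):
        raise ValueError("revision_number must be a non-negative ASCII integer")
    rel = Path(file_path)
    if rel.is_absolute() or ".." in rel.parts:  # cheap early rejection
        raise ValueError("file_path must be relative and free of '..'")
    root = Path(base).resolve()
    candidate = (root / revision_number / rel).resolve()
    if root not in candidate.parents:
        raise ValueError("path escapes base directory")
    return candidate


def safe_delete(managed_dir: str, name: str) -> bool:
    """Hardened unlink for the setup_delete pattern: refuses symlinks, anything
    that resolves outside managed_dir, and non-regular files. Returns True only
    when a file was actually removed (a missing file is not an error)."""
    root = Path(managed_dir).resolve()
    target = root / name  # an absolute `name` replaces root here; caught below
    if target.is_symlink():
        raise ValueError("refusing to delete a symlink")
    resolved = target.resolve()
    if root not in resolved.parents:
        raise ValueError("target is outside the managed directory")
    if not resolved.is_file():
        return False
    resolved.unlink()
    return True


def _raises(fn, *args) -> bool:
    """True if fn(*args) raises ValueError (the rejection path)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Build a constructed scratch tree and record which check fires on which input."""
    base = Path(tempfile.mkdtemp()).resolve()
    proj = base / "proj"
    (proj / "3").mkdir(parents=True)
    (proj / "3" / "sbom.json").write_text("{}")          # in-scope artefact
    (base / "secret.txt").write_text("other project")   # must stay unreachable
    (proj / "link").symlink_to(base / "secret.txt")      # symlink escape attempt

    out = {}
    # vulnerable join follows '..' out of proj and reads the other project's file
    p = vulnerable_build_path(str(proj), "../../secret.txt", "3")
    out["vuln_reads_outside"] = p.resolve().read_text() == "other project"
    # an absolute file_path makes os.path.join discard base entirely
    p = vulnerable_build_path(str(proj), "/etc/hostname", "3")
    out["vuln_absolute_drops_base"] = not str(p).startswith(str(proj))
    # hardened builder accepts the in-scope path and rejects the escape attempts
    out["safe_ok"] = safe_build_path(str(proj), "sbom.json", "3") == proj / "3" / "sbom.json"
    out["safe_rejects"] = all(
        _raises(safe_build_path, str(proj), fp, rev)
        for fp, rev in [("../../secret.txt", "3"), ("/etc/hostname", "3"), ("sbom.json", "../3")]
    )
    # hardened delete refuses the symlink and the escape, then removes the real file once
    out["delete_refuses_symlink"] = _raises(safe_delete, str(proj), "link")
    out["delete_refuses_escape"] = _raises(safe_delete, str(proj), "../secret.txt")
    out["delete_once"] = safe_delete(str(proj), "3/sbom.json") and not safe_delete(str(proj), "3/sbom.json")
    out["secret_survives"] = (base / "secret.txt").exists()
    shutil.rmtree(base, ignore_errors=True)
    return out


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The containment test is `root in candidate.parents` on the resolved path, not a string prefix check, so `base/proj` does not accept `base/project-evil`. The symlink check in `safe_delete` and the later `unlink()` are separate system calls; on a host where an attacker can race the directory, do the check and the unlink relative to a directory file descriptor (`os.open` plus `os.unlink(..., dir_fd=...)`) instead.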

The Lab · 2026-04-21 13:23:11 · GitHub Issues

5. Anthropic AI SDK 0.80.0 Memory Tool Path Traversal Vulnerability (GHSA-5474-4w2j-mq4c) Not Exposed in First Whistle Deployment

A low-severity but potentially dangerous vulnerability has been identified in the First Whistle codebase. Automated security scanning found that the project's dependency @anthropic-ai/sdk version 0.80.0 contains a path traversal vulnerability (CWE-22). The flaw sits in the SDK's "memory tool" component, whose path validation is defective: an attacker supplying a crafted file path could escape the intended sandbox boundary and read or write files in sibling directories. Its public identifier is GHSA-5474-4w2j-mq4c, and it is fixed in SDK version 0.81.0 and later. A closer audit of the First Whistle production environment, however, revealed a key mitigating factor. Although the SDK is listed as a dependency in `functions/package.json`, review...

The Lab · 2026-04-25 19:54:07 · GitHub Issues

6. Express Path Traversal Vulnerability (CVE-2024-CRITICAL-001): Critical Flaw in Popular Node.js Framework Patched in Version 4.19.2

A critical path traversal vulnerability in Express.js, tracked in the source record as CVE-2024-CRITICAL-001, has been identified and patched in version 4.19.2. That string does not follow the CVE-YYYY-NNNN numbering format and will not resolve in the CVE list or NVD, so treat it as a placeholder and confirm the fix against the Express 4.19.2 release notes before acting on it. The flaw carries a CVSS score of 9.8 (Critical band), allowing unauthenticated attackers operating over the network to read arbitrary files and potentially execute arbit...