Vulnerability Information
Although we use advanced large-model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection
Vulnerability Description
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patched in version 1.5.0. Some workarounds are available. Do not pass user input to the `name` parameter, use auto-generated filenames only, and implement strict input validation if `name` must be used.
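As an added illustration of the "strict input validation" workaround above (this is example code, not code from Flask-Reuploaded or from the advisory): a validator that accepts only a flat `<base>.<ext>` filename with an allow-listed extension, plus a check that the final path stays under the upload directory. The extension allow-list and the base-name character pattern are assumptions chosen for this example.

```python
import os
import re

# Assumed allow-list and base-name pattern for this example; adjust to the application.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}
BASENAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload_name(name):
    """Return `name` unchanged if it is a safe, flat '<base>.<ext>' filename.

    Rejects empty names, NUL bytes, any path separator (so '../' traversal is
    impossible), multi-dot names such as 'pic.png.php', dot-files, and any
    extension outside the allow-list. Raises ValueError otherwise.
    """
    if not isinstance(name, str) or not name:
        raise ValueError("empty name")
    if "\x00" in name:
        raise ValueError("NUL byte in name")
    if "/" in name or "\\" in name:
        raise ValueError("path separators not allowed")
    parts = name.split(".")
    if len(parts) != 2:
        raise ValueError("name must be exactly <base>.<ext>")
    base, ext = parts
    if not BASENAME_RE.match(base):
        raise ValueError("base name contains disallowed characters")
    if ext.lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed")
    return name


def is_safe_upload_name(name):
    """Boolean wrapper around validate_upload_name for quick checks."""
    try:
        validate_upload_name(name)
        return True
    except ValueError:
        return False


def safe_destination(upload_dir, name):
    """Join the validated name onto upload_dir and confirm the result stays inside it.

    The commonpath check is a second, independent guard: even if validation were
    loosened later, a destination outside the upload root is still refused.
    """
    root = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(root, validate_upload_name(name)))
    if os.path.commonpath([root, dest]) != root:
        raise ValueError("destination escapes upload directory")
    return dest
```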
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1336
Vulnerability Title
flask-reuploaded security vulnerability
Vulnerability Description
flask-reuploaded is file upload software developed by the individual developer Jürgen Gmach. Flask-Reuploaded versions prior to 1.5.0 contain a security vulnerability that stems from path traversal and extension bypass, which may lead to arbitrary file write and remote code execution.
CVSS Information
N/A
Vulnerability Type
N/A