Javier Rengel Jiménez

1 exploit | Active since Jun 2023
CVE-2023-35844 | WRITEUP | HIGH
lightdash < 0.510.3 - Path Traversal and Arbitrary File Write via Insecure File Endpoints
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
CVSS 7.5