CVE-2023-35844

HIGH EXPLOITED NUCLEI

Lightdash < 0.510.3 - Path Traversal

Title source: rule

Description

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints: they allow `..` directory traversal and do not ensure that the intended file extension (.csv or .png) is used.

Exploits (2)

nomisec · WORKING POC · 20 stars
by Lserein · infoleak
https://github.com/Lserein/CVE-2023-35844

inthewild · WORKING POC
poc
https://github.com/szlein/cve-2023-35844

Nuclei Templates (1)

Lightdash version <= 0.510.3 Arbitrary File Read
HIGH · VERIFIED · by dwisiswant0
Shodan: title:"Lightdash" || http.title:"lightdash"
FOFA: title="lightdash"

Scores

CVSS v3 7.5
EPSS 0.9234
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-12-04
CWE
CWE-22
Status published
Products (1)
lightdash/lightdash < 0.510.3
Published Jun 19, 2023
Tracked Since Feb 18, 2026