Summary
symfony/ux-toolkit: Path Traversal Allows Arbitrary File Write and Read via Crafted Recipe Manifest
References
Related vulnerabilities
- HIGH GHSA-869J-R97X-HX2G
  Anki's local HTTP server does not sufficiently validate requests
- HIGH GHSA-CC8F-FCX3-GPJR
  SurrealDB: Arbitrary file read via DEFINE ANALYZER mapper() filter
- MEDIUM GHSA-4XGF-CPJX-PC3J
  pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size
- HIGH GHSA-F4XH-W4CJ-QXQ8
  LangSmith SDK TracingMiddleware: Arbitrary server-side file read
- MEDIUM GHSA-CW6H-FFMH-X6VH
  Anki: User scripts in iframes have access to the internal Anki API
- HIGH GHSA-C795-2G9C-J48M
  EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id