Vulnerability Details CVE-2022-31586
The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.7%
CVSS Severity
CVSS v3 Score 9.3
CVSS v2 Score 6.4
References
Products affected by CVE-2022-31586
-
cpe:2.3:a:changepop-back_project:changepop-back:-
-
cpe:2.3:a:changepop-back_project:changepop-back:2019-06-04