Sharelatex: >> Sharelatex Security Vulnerabilities
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename.
CVSS Score
6.5
EPSS Score
0.012
Published
2015-03-04
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.
CVSS Score
3.5
EPSS Score
0.004
Published
2015-03-04