CVE-2023-35844

Published: Jun 19, 2023

Modified: Dec 11, 2024

PUBLISHED

Description

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://advisory.dw1.io/59

https://github.com/lightdash/lightdash/commit/fcc808c84c2cc3afb343063e32a49440d32a553c

https://github.com/lightdash/lightdash/compare/0.510.2...0.510.3

https://github.com/lightdash/lightdash/pull/5090

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-35844

Description

Affected Products

References