Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31546 | 1 Glance Project | 1 Glance | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2018-3715 | 1 Glance Project | 1 Glance | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3748 | 1 Glance Project | 1 Glance | 2018-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name. | |||||