Home > Vulnerability Database > WS-2023-0136

Mend.io Vulnerability Database

WS-2023-0136

Good to know:

Date: May 2, 2023

A Path Traversal vulnerability at Slack Image Endpoint in exists in lightdash before 0.510.3. It allows an unauthenticated attacker to access sensitive files on the server, leading to potential information disclosure.

Language: TYPE_SCRIPT

Severity Score

9.4

Related Resources (2)

Url: https://github.com/lightdash/lightdash/commit/fcc808c84c2cc3afb343063e32a49440d32a553c

Url: https://www.mend.io/vulnerability-database/WS-2023-0136

Severity Score

9.4

Weakness Type (CWE)

Path Traversal: '..filename'

CWE-29

Top Fix

Upgrade Version

Upgrade to version 0.510.3

Learn More

CVSS v3.1

Base Score:	9.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2023-0136

Good to know:

Date: May 2, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?