CVE-2023-35844

Description

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

NVD
Severity: HIGH
CVE ID: CVE-2023-35844
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-35844

Refrence: Project Discovery GitHub

Lserein

Lightdash文件读取漏洞（CVE-2023-35844）

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept