CVE-2023-35844
Description
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
NVD
Severity: HIGH
CVE ID: CVE-2023-35844
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Proof Of Concept
Nuclei Templates for CVE-2023-35844
Refrence: Project Discovery GitHub
Lserein
Lightdash文件读取漏洞(CVE-2023-35844)
Refrence: GitHub