packages/backend/src/routers in Lightdash before 0.510.3...
High severity
Unreviewed
Published
Jun 19, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Jun 19, 2023
Published to the GitHub Advisory Database
Jun 19, 2023
Last updated
Apr 4, 2024
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
References