Lychee · Lychee · CVE-2025-53018
Name of the Vulnerable Software and Affected Versions:
Lychee versions prior to 6.6.13
Description:
A critical Server-Side Request Forgery (SSRF) vulnerability exists in the "/api/v2/Photo::fromUrl" endpoint. An attacker can make the application's backend issue HTTP requests to any URL of their choosing, which reaches resources that are not exposed to the outside, such as services bound to localhost or cloud-provider instance metadata endpoints. The endpoint takes a URL from the caller and opens it server-side with fopen() without any safeguards: no validation of the address the URL points to, no allow-list, no timeout and no limit on the response size. An attacker can use the flaw to scan internal ports from the server's network position or to retrieve sensitive cloud metadata.
Recommendations:
For versions prior to 6.6.13, update to version 6.6.13 or later, which resolves the issue. Until the patch is applied, restrict access to the "/api/v2/Photo::fromUrl" endpoint (for example by disabling it or limiting it to trusted administrators) and do not pass untrusted values in the `URL` request variable of that endpoint.
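The description above is the classic shape of an SSRF: fopen() on a caller-supplied URL with nothing between the request and the network. The following is an added example written for this advisory of what a hardened replacement for such an import routine looks like in PHP; it is not Lychee's code and does not reproduce the fix shipped in 6.6.13. The class and function names (SsrfGuard, fetchPhotoSafely), the blocked-range list, and the hostnames and addresses in the offline demo at the bottom are assumptions constructed for illustration. The guard restricts the scheme and port, resolves the host and rejects any address inside loopback, private, link-local (the metadata range), CGNAT, multicast or reserved space, including their IPv4-mapped and NAT64 IPv6 encodings, and the fetch then pins the connection to the vetted address, refuses redirects, and enforces a timeout and a byte cap.

```php
<?php
declare(strict_types=1);
// Added example for this advisory, not Lychee's code; names, hosts and addresses are assumptions.
final class SsrfGuard
{
    private const ALLOWED_SCHEMES = ['http', 'https'];   // fopen() would also honour file://, php://, ftp:// ...
    // Loopback, RFC 1918, link-local (169.254.169.254 metadata), CGNAT, multicast, reserved, and the
    // IPv6 equivalents including the IPv4-mapped and NAT64 encodings of the same IPv4 space.
    private const BLOCKED_CIDRS = [
        '0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8', '169.254.0.0/16', '172.16.0.0/12',
        '192.0.0.0/24', '192.168.0.0/16', '198.18.0.0/15', '224.0.0.0/4', '240.0.0.0/4',
        '::/128', '::1/128', '::ffff:0:0/96', '64:ff9b::/96', 'fc00::/7', 'fe80::/10',
    ];
    /** @var callable(string): string[]  injectable so the guard can be exercised offline */
    private $resolver;

    public function __construct(?callable $resolver = null)
    {
        $this->resolver = $resolver ?? static fn(string $h): array => array_merge(   // A and AAAA both matter
            array_column(dns_get_record($h, DNS_A) ?: [], 'ip'),
            array_column(dns_get_record($h, DNS_AAAA) ?: [], 'ipv6'));
    }

    /** Returns [scheme, host, port, ip] for an acceptable URL and throws for anything else. */
    public function validate(string $url): array
    {
        $p = parse_url($url) ?: [];
        $scheme = strtolower($p['scheme'] ?? '');
        $host = strtolower(trim($p['host'] ?? '', '[]'));   // parse_url keeps the [] around IPv6 literals
        if (!in_array($scheme, self::ALLOWED_SCHEMES, true) || $host === '' || isset($p['user'])) {
            throw new InvalidArgumentException("scheme, host or credentials not allowed: $url");
        }
        $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
        if (!in_array($port, [80, 443], true)) {   // no probing of arbitrary internal ports
            throw new InvalidArgumentException("port $port not allowed");
        }
        // A literal address is checked as-is; a name must resolve, and only to public addresses.
        $ips = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : ($this->resolver)($host);
        foreach ($ips as $ip) {
            foreach (self::BLOCKED_CIDRS as $cidr) {
                if (self::ipInCidr($ip, $cidr)) {
                    throw new InvalidArgumentException("$host -> $ip is inside blocked range $cidr");
                }
            }
        }
        return [$scheme, $host, $port, $ips[0] ?? throw new InvalidArgumentException("cannot resolve $host")];
    }

    public static function ipInCidr(string $ip, string $cidr): bool
    {
        [$net, $bits] = explode('/', $cidr, 2);
        [$a, $n] = [inet_pton($ip), inet_pton($net)];
        if ($a === false || $n === false || strlen($a) !== strlen($n)) {
            return false;   // unparseable, or a different address family than the range
        }
        [$full, $rem] = [intdiv((int) $bits, 8), (int) $bits % 8];
        if (substr($a, 0, $full) !== substr($n, 0, $full)) {
            return false;
        }
        $mask = (0xFF << (8 - $rem)) & 0xFF;   // mask for the partial last byte; unused when byte-aligned
        return $rem === 0 || (ord($a[$full]) & $mask) === (ord($n[$full]) & $mask);
    }
}

/** Fetch at most $maxBytes from a vetted URL, connecting only to the address that was checked. */
function fetchPhotoSafely(string $url, int $maxBytes = 20 * 1024 * 1024): string
{
    [, $host, $port, $ip] = (new SsrfGuard())->validate($url);
    $buf = '';
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false,   // a 3xx towards an internal address must not be followed blindly
        CURLOPT_RESOLVE => ["$host:$port:" . (str_contains($ip, ':') ? "[$ip]" : $ip)],   // pin the vetted IP
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_WRITEFUNCTION => function ($ch, string $chunk) use (&$buf, $maxBytes): int {
            $buf .= $chunk;
            return strlen($buf) > $maxBytes ? 0 : strlen($chunk);   // a short write makes curl abort
        },
    ]);
    if (curl_exec($ch) === false || curl_getinfo($ch, CURLINFO_RESPONSE_CODE) !== 200) {
        throw new RuntimeException('fetch failed: ' . curl_error($ch));
    }
    return $buf;
}

// Offline demo (no network): a constructed resolver table; 203.0.113.10 stands in for a public host.
$table = ['localhost' => ['127.0.0.1', '::1'], 'img.example.test' => ['203.0.113.10'],
          'rebind.example.test' => ['203.0.113.10', '10.0.0.5']];   // one public record, one private
$guard = new SsrfGuard(static fn(string $h): array => $table[$h] ?? []);
foreach (['http://169.254.169.254/latest/meta-data/', 'http://localhost/', 'http://127.0.0.1:6379/',
          'http://[::ffff:127.0.0.1]/', 'file:///etc/passwd', 'http://rebind.example.test/a.jpg',
          'https://img.example.test/a.jpg'] as $u) {
    try { $guard->validate($u); echo "ALLOW  $u\n"; }
    catch (InvalidArgumentException $e) { echo "REJECT $u  ({$e->getMessage()})\n"; }
}
```

Run as a script, the demo rejects the first six URLs (metadata address, loopback via name, non-standard port, IPv4-mapped loopback, file:// wrapper, and a name with one private record among its answers) and allows only the last one; fetchPhotoSafely is what the endpoint would call in place of fopen(). Two caveats: redirects are deliberately not followed, so a 3xx has to be handled by re-validating the Location header with a hop limit rather than by turning on CURLOPT_FOLLOWLOCATION, and the guard only reflects the resolver's answer at validation time, which is why the fetch pins that exact address with CURLOPT_RESOLVE instead of letting curl resolve the name a second time.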