Sunrisexu

Name of the Vulnerable Software and Affected Versions: Intel(R) Extension for Transformers versions prior to 1.5 Description: The issue is related to path traversal in the Intel(R) Extension for Transformers software, which may allow an authenticated user to potentially enable escalation of privilege via local access. This is due to incorrect restriction of the directory path name with limited access. Exploitation of the issue may allow an attacker to elevate their privileges. Recommendations: For versions prior to 1.5, update to version 1.5 or later to resolve the issue. As a temporary workaround, consider restricting local access to the software to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Solara versions prior to 1.35.1 **Description** A Local File Inclusion (LFI) vulnerability was identified in Solara, which arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system. **Recommendations** For versions prior to 1.35.1, update to version 1.35.1 to resolve the issue. As a temporary workaround, consider restricting access to static files to minimize the risk of exploitation. Avoid using directory traversal sequences such as '../' in URI fragments until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** NiceGUI versions prior to 1.4.21 **Description** A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the `/ nicegui/{ version }/resources/{key}/{path:path}` route. As a result, any file on the backend filesystem that the web server has access to can be read by an attacker with access to the NiceUI leaflet website. **Recommendations** For versions prior to 1.4.21, upgrade to version 1.4.21 or later to address the vulnerability. As a temporary workaround, consider restricting access to the `/ nicegui/{ version }/resources/{key}/{path:path}` route until the upgrade is applied.