CVE-2022-31539

Name of the Vulnerable Software and Affected Versions kotekan/kotekan versions 2021.11 and earlier

Description The issue allows for absolute path traversal due to the unsafe use of the Flask send file function. This enables potential access to sensitive files outside the intended directory.

Recommendations For versions 2021.11 and earlier, consider restricting access to the send file function until a patch is available. As a temporary workaround, review and limit the use of absolute paths in the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.