CVE-2023-52288

Name of the Vulnerable Software and Affected Versions flaskcode versions through 0.0.8

Description An issue in the flaskcode package allows an unauthenticated directory traversal, which can be exploited with a GET request to the "/resource-data/.txt" API endpoint. This enables attackers to read arbitrary files.

Recommendations For versions through 0.0.8, as a temporary workaround, consider restricting access to the "/resource-data/.txt" API endpoint until a patch is available. Avoid using the file path variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.