{"id":"CVE-2022-31539","details":"The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.","modified":"2026-04-10T04:53:50.527390Z","published":"2022-07-11T01:15:09.567Z","references":[{"type":"REPORT","url":"https://github.com/github/securitylab/issues/669#issuecomment-1117265726"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kotekan/kotekan","events":[{"introduced":"0"},{"last_affected":"0d2ed553d25fb621893b5837c9c68c9a74539c25"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2021.11"}]}}],"versions":["2018.07","2018.08","2018.08a","2018.10","2018.11","2018.12","2018.12a","2018.12b","2019.03","2019.05","2019.07","2019.08","2019.10","2019.10a","2019.12","2019.12a","2019.12b","2020.04","2020.04a","2020.06","2020.06a","2020.06b","2020.06c","2020.10","2020.11","2020.11a","2020.11b","2021.03","2021.03a","2021.03b","2021.10","2021.11","2021.11a","2021.11b","2021.11c","2021.11d","2021.11e","2021.11f"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31539.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"}]}