{"id":"CVE-2023-35844","details":"packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.","modified":"2026-04-10T05:01:38.108968Z","published":"2023-06-19T02:15:08.903Z","references":[{"type":"ADVISORY","url":"https://github.com/lightdash/lightdash/compare/0.510.2...0.510.3"},{"type":"FIX","url":"https://github.com/lightdash/lightdash/commit/fcc808c84c2cc3afb343063e32a49440d32a553c"},{"type":"FIX","url":"https://github.com/lightdash/lightdash/pull/5090"},{"type":"EVIDENCE","url":"https://advisory.dw1.io/59"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lightdash/lightdash","events":[{"introduced":"0"},{"fixed":"17bbbe65e633856fdd06f5cf327b1a144ad63951"},{"fixed":"fcc808c84c2cc3afb343063e32a49440d32a553c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.510.3"}]}}],"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.5","0.10.6","0.10.7","0.10.8","0.100.0","0.100.1","0.100.2","0.101.0","0.101.1","0.102.0","0.103.0","0.103.1","0.104.0","0.104.1","0.104.2","0.104.3","0.105.0","0.105.1","0.105.2","0.106.0","0.106.1","0.106.2","0.107.0","0.108.0","0.108.1","0.108.2","0.109.0","0.109.1","0.109.2","0.109.3","0.109.4","0.109.5","0.109.6","0.11.0","0.11.1","0.11.10","0.11.11","0.11.2","0.11.3","0.11.4","0.11.5","0.11.6","0.11.7","0.11.8","0.11.9","0.110.0","0.110.1","0.111.0","0.112.0","0.113.0","0.113.1","0.114.0","0.115.0","0.115.1","0.115.2","0.116.0","0.117.0","0.118.0","0.118.1","0.119.0","0.119.1","0.119.2","0.119.3","0.12.0","0.12.1","0.120.0","0.120.1","0.121.0","0.122.0","0.123.0","0.124.0","0.124.1","0.125.0","0.126.0","0.126.1","0.126.2","0.126.3","0.127.0","0.128.0","0.129.0","0.129.1","0.129.2","0.13.0","0.130.0","0.130.1","0.130.2","0.131.0","0.131.1","0.132.0","0.132.1","0.132.2","0.132.3","0.132.4","0.133.0","0.134.0","0.134.1","0.134.10","0.134.11","0.134.2","0.134.3","0.134.4","0.134.5","0.134.6","0.134.7","0.134.8","0.134.9","0.135.0","0.135.1","0.136.0","0.137.0","0.137.1","0.138.0","0.138.1","0.139.0","0.139.1","0.14.0","0.140.0","0.141.0","0.141.1","0.142.0","0.143.0","0.144.0","0.144.1","0.144.2","0.144.3","0.144.4","0.144.5","0.144.6","0.145.0","0.146.0","0.147.0","0.147.1","0.148.0","0.148.1","0.148.2","0.149.0","0.15.0","0.150.0","0.150.1","0.150.2","0.150.3","0.150.4","0.151.0","0.152.0","0.153.0","0.153.1","0.153.2","0.154.0","0.155.0","0.156.0","0.157.0","0.157.1","0.157.2","0.158.0","0.158.1","0.159.0","0.16.0","0.160.0","0.160.1","0.160.2","0.161.0","0.162.0","0.162.1","0.162.2","0.163.0","0.164.0","0.164.1","0.164.2","0.164.3","0.164.4","0.164.5","0.165.0","0.165.1","0.165.2","0.165.3","0.165.4","0.165.5","0.166.0","0.167.0","0.167.1","0.168.0","0.169.0","0.17.0","0.17.1","0.170.0","0.170.1","0.170.2","0.171.0","0.171.1","0.171.2","0.171.3","0.171.4","0.171.5","0.172.0","0.172.1","0.173.0","0.174.0","0.175.0","0.176.0","0.176.1","0.177.0","0.178.0","0.178.1","0.179.0","0.18.0","0.18.1","0.18.2","0.18.3","0.180.0","0.180.1","0.181.0","0.181.1","0.181.2","0.181.3","0.181.4","0.181.5","0.181.6","0.182.0","0.183.0","0.184.0","0.184.1","0.185.0","0.185.1","0.186.0","0.186.1","0.187.0","0.187.1","0.188.0","0.189.0","0.19.0","0.19.1","0.19.2","0.19.3","0.19.4","0.190.0","0.190.1","0.191.0","0.191.1","0.191.2","0.192.0","0.193.0","0.194.0","0.194.1","0.194.2","0.194.3","0.195.0","0.196.0","0.197.0","0.197.1","0.197.2","0.198.0","0.199.0","0.2.0","0.2.1","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.20.0","0.20.1","0.20.2","0.200.0","0.201.0","0.202.0","0.202.1","0.202.2","0.203.0","0.204.0","0.204.1","0.205.0","0.205.1","0.205.2","0.206.0","0.207.0","0.208.0","0.208.1","0.209.0","0.209.1","0.209.2","0.209.3","0.209.4","0.209.5","0.21.0","0.210.0","0.211.0","0.211.1","0.212.0","0.212.1","0.213.0","0.214.0","0.215.0","0.216.0","0.216.1","0.216.2","0.217.0","0.218.0","0.219.0","0.22.0","0.220.0","0.221.0","0.221.1","0.221.2","0.222.0","0.222.1","0.223.0","0.224.0","0.225.0","0.225.1","0.226.0","0.226.1","0.226.2","0.227.0","0.228.0","0.229.0","0.229.1","0.229.2","0.23.0","0.230.0","0.231.0","0.231.1","0.231.2","0.232.0","0.233.0","0.233.1","0.234.0","0.235.0","0.235.1","0.235.2","0.235.3","0.236.0","0.236.1","0.237.0","0.238.0","0.238.1","0.239.0","0.24.0","0.24.1","0.240.0","0.241.0","0.241.1","0.241.2","0.241.3","0.241.4","0.241.5","0.242.0","0.243.0","0.244.0","0.245.0","0.246.0","0.247.0","0.247.1","0.248.0","0.248.1","0.248.2","0.249.0","0.25.0","0.250.0","0.251.0","0.251.1","0.251.2","0.252.0","0.252.1","0.252.2","0.253.0","0.254.0","0.255.0","0.256.0","0.256.1","0.256.2","0.257.0","0.257.1","0.258.0","0.258.1","0.259.0","0.26.0","0.260.0","0.260.1","0.260.2","0.261.0","0.262.0","0.262.1","0.262.2","0.263.0","0.263.1","0.264.0","0.264.1","0.265.0","0.266.0","0.266.1","0.267.0","0.267.1","0.268.0","0.269.0","0.27.0","0.27.1","0.27.2","0.27.3","0.270.0","0.271.0","0.271.1","0.272.0","0.272.1","0.273.0","0.274.0","0.275.0","0.276.0","0.277.0","0.277.1","0.277.2","0.277.3","0.278.0","0.278.1","0.279.0","0.279.1","0.28.0","0.28.1","0.28.2","0.280.0","0.280.1","0.280.2","0.281.0","0.281.1","0.281.2","0.282.0","0.283.0","0.284.0","0.284.1","0.284.2","0.285.0","0.285.1","0.286.0","0.287.0","0.287.1","0.287.2","0.287.3","0.287.4","0.287.5","0.288.0","0.289.0","0.29.0","0.29.1","0.29.2","0.29.3","0.29.4","0.290.0","0.290.1","0.291.0","0.291.1","0.291.2","0.292.0","0.292.1","0.293.0","0.294.0","0.295.0","0.295.1","0.296.0","0.297.0","0.298.0","0.298.1","0.299.0","0.3.0","0.3.1","0.3.2","0.30.0","0.30.1","0.30.2","0.30.3","0.30.4","0.300.0","0.301.0","0.301.1","0.302.0","0.302.1","0.303.0","0.303.1","0.303.2","0.303.3","0.304.0","0.305.0","0.305.1","0.305.2","0.306.0","0.307.0","0.307.1","0.308.0","0.309.0","0.309.1","0.31.0","0.31.1","0.31.2","0.31.3","0.31.4","0.31.5","0.31.6","0.310.0","0.311.0","0.312.0","0.312.1","0.312.2","0.313.0","0.313.1","0.313.2","0.313.3","0.313.4","0.314.0","0.315.0","0.315.1","0.316.0","0.317.0","0.317.1","0.317.2","0.317.3","0.318.0","0.319.0","0.319.1","0.32.0","0.32.1","0.32.2","0.32.3","0.32.4","0.320.0","0.320.1","0.320.2","0.320.3","0.321.0","0.321.1","0.322.0","0.322.1","0.323.0","0.323.1","0.324.0","0.325.0","0.326.0","0.327.0","0.327.1","0.327.2","0.328.0","0.329.0","0.329.1","0.33.0","0.33.1","0.33.2","0.33.3","0.33.4","0.330.0","0.331.0","0.332.0","0.333.0","0.334.0","0.335.0","0.335.1","0.336.0","0.336.1","0.337.0","0.338.0","0.339.0","0.34.0","0.34.1","0.340.0","0.340.1","0.341.0","0.341.1","0.342.0","0.343.0","0.343.1","0.343.3","0.344.0","0.344.1","0.345.0","0.346.0","0.346.1","0.347.0","0.347.1","0.348.0","0.349.0","0.349.1","0.35.0","0.350.0","0.350.1","0.350.2","0.350.3","0.350.4","0.350.5","0.351.0","0.352.0","0.352.1","0.352.2","0.352.3","0.352.4","0.353.0","0.353.1","0.354.0","0.355.0","0.356.0","0.357.0","0.357.1","0.358.0","0.359.0","0.36.0","0.36.1","0.360.0","0.361.0","0.361.1","0.361.2","0.362.0","0.363.0","0.363.1","0.364.0","0.364.1","0.365.0","0.365.1","0.366.0","0.366.1","0.366.2","0.367.0","0.368.0","0.369.0","0.37.0","0.370.0","0.370.1","0.370.2","0.370.3","0.370.4","0.371.0","0.371.1","0.372.0","0.373.0","0.373.1","0.373.2","0.374.0","0.375.0","0.375.1","0.375.2","0.375.3","0.376.0","0.377.0","0.377.1","0.378.0","0.379.0","0.38.0","0.38.1","0.380.0","0.381.0","0.382.0","0.383.0","0.384.0","0.384.1","0.384.2","0.385.0","0.385.1","0.386.0","0.387.0","0.387.1","0.387.2","0.388.0","0.388.1","0.388.2","0.388.3","0.389.0","0.389.1","0.39.0","0.390.0","0.391.0","0.392.0","0.393.0","0.394.0","0.395.0","0.395.1","0.395.2","0.396.0","0.396.1","0.397.0","0.398.0","0.398.1","0.399.0","0.399.1","0.4.0","0.40.0","0.400.0","0.400.1","0.401.0","0.402.0","0.402.1","0.402.2","0.402.3","0.403.0","0.403.1","0.403.2","0.403.3","0.404.0","0.404.1","0.405.0","0.405.1","0.406.0","0.407.0","0.407.1","0.407.2","0.407.3","0.407.4","0.407.5","0.407.6","0.407.7","0.407.8","0.408.0","0.408.1","0.408.2","0.408.3","0.408.4","0.409.0","0.409.1","0.41.0","0.410.0","0.411.0","0.411.1","0.411.2","0.411.3","0.412.0","0.413.0","0.413.1","0.414.0","0.415.0","0.416.0","0.416.1","0.417.0","0.417.1","0.417.2","0.417.3","0.418.0","0.418.1","0.419.0","0.42.0","0.420.0","0.420.1","0.421.0","0.421.1","0.422.0","0.423.0","0.424.0","0.425.0","0.426.0","0.426.1","0.426.2","0.426.3","0.426.4","0.426.5","0.427.0","0.428.0","0.429.0","0.43.0","0.43.1","0.43.2","0.43.3","0.430.0","0.431.0","0.431.1","0.431.2","0.432.0","0.432.1","0.432.2","0.432.3","0.432.4","0.433.0","0.433.1","0.433.2","0.433.3","0.433.4","0.433.5","0.433.6","0.433.7","0.433.8","0.434.0","0.435.0","0.435.1","0.435.2","0.436.0","0.436.1","0.436.2","0.436.3","0.436.4","0.436.5","0.437.0","0.437.1","0.438.0","0.439.0","0.439.1","0.439.2","0.44.0","0.440.0","0.441.0","0.442.0","0.442.1","0.443.0","0.443.1","0.444.0","0.445.0","0.445.1","0.446.0","0.447.0","0.448.0","0.448.1","0.448.2","0.449.0","0.45.0","0.45.1","0.450.0","0.451.0","0.452.0","0.453.0","0.454.0","0.454.1","0.455.0","0.456.0","0.456.1","0.457.0","0.457.1","0.457.2","0.458.0","0.459.0","0.459.1","0.459.2","0.46.0","0.46.1","0.46.2","0.46.3","0.46.4","0.46.5","0.46.6","0.460.0","0.460.1","0.461.0","0.462.0","0.463.0","0.463.1","0.463.2","0.463.3","0.464.0","0.465.0","0.465.1","0.465.2","0.466.0","0.466.1","0.467.0","0.468.0","0.469.0","0.47.0","0.47.1","0.470.0","0.471.0","0.472.0","0.473.0","0.474.0","0.475.0","0.475.1","0.476.0","0.476.1","0.476.2","0.477.0","0.477.1","0.478.0","0.479.0","0.48.0","0.480.0","0.481.0","0.482.0","0.483.0","0.484.0","0.485.0","0.486.0","0.487.0","0.488.0","0.489.0","0.489.1","0.49.0","0.49.1","0.490.0","0.491.0","0.492.0","0.493.0","0.494.0","0.495.0","0.495.1","0.496.0","0.497.0","0.498.0","0.498.1","0.498.2","0.498.3","0.499.0","0.499.1","0.5.0","0.50.0","0.500.0","0.500.1","0.500.2","0.501.0","0.502.0","0.502.1","0.503.0","0.504.0","0.504.1","0.505.0","0.505.1","0.505.2","0.505.3","0.505.4","0.505.5","0.505.6","0.505.7","0.506.0","0.506.1","0.506.2","0.506.3","0.506.4","0.506.5","0.506.6","0.506.7","0.507.0","0.507.1","0.508.0","0.509.0","0.509.1","0.509.2","0.509.3","0.51.0","0.51.1","0.510.0","0.510.1","0.510.2","0.52.0","0.53.0","0.54.0","0.54.1","0.54.2","0.55.0","0.55.1","0.56.0","0.57.0","0.57.1","0.57.2","0.58.0","0.58.1","0.59.0","0.6.0","0.6.1","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.60.0","0.61.0","0.62.0","0.63.0","0.63.1","0.63.2","0.64.0","0.65.0","0.66.0","0.67.0","0.68.0","0.68.1","0.68.2","0.69.0","0.7.0","0.7.1","0.70.0","0.71.0","0.71.1","0.71.2","0.71.3","0.71.4","0.71.5","0.71.6","0.71.7","0.72.0","0.73.0","0.74.0","0.74.1","0.74.2","0.75.0","0.75.1","0.75.2","0.75.3","0.76.0","0.77.0","0.77.1","0.78.0","0.78.1","0.79.0","0.8.0","0.8.1","0.8.2","0.8.3","0.80.0","0.81.0","0.82.0","0.82.1","0.82.2","0.82.3","0.82.4","0.83.0","0.84.0","0.84.1","0.84.10","0.84.2","0.84.3","0.84.4","0.84.5","0.84.6","0.84.7","0.84.8","0.84.9","0.85.0","0.85.1","0.86.0","0.86.1","0.87.0","0.87.1","0.88.0","0.89.0","0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.90.0","0.90.1","0.91.0","0.91.1","0.91.2","0.91.3","0.91.4","0.91.5","0.91.6","0.91.7","0.92.0","0.92.1","0.93.0","0.93.1","0.93.2","0.93.3","0.93.4","0.93.5","0.94.0","0.94.1","0.94.2","0.94.3","0.95.0","0.95.1","0.95.2","0.95.3","0.95.4","0.95.5","0.95.6","0.96.0","0.96.1","0.96.2","0.96.3","0.97.0","0.97.1","0.98.0","0.99.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35844.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}