A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used.
References
Configurations
No configuration.
History
23 Jun 2025, 20:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Upsonic/Upsonic/issues/356 - | |
Summary |
|
19 Jun 2025, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-19 21:15
Updated : 2025-06-23 20:16
NVD link : CVE-2025-6278
Mitre link : CVE-2025-6278
CVE.ORG link : CVE-2025-6278
JSON object : View
Products Affected
No product.
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')