CVE-2024-36059

CRITICAL Year: 2024
CVSS v3 Score
9.4
Critical
Weakness Type
CWE-22
View all →

Vulnerability Description

Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol.

Related Vulnerabilities

CVE-2020-15229

CRITICAL
CVSS:9.3(Critical)

Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, ...

CWE-222020

CVE-2022-31501

CRITICAL
CVSS:9.3(Critical)

The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CWE-222022

CVE-2022-31502

CRITICAL
CVSS:9.3(Critical)

The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CWE-222022

CVE-2022-31503

CRITICAL
CVSS:9.3(Critical)

The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CWE-222022

CVE-2022-31504

CRITICAL
CVSS:9.3(Critical)

The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

CWE-222022