Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patched in version 1.5.0.
Some workarounds are available. Do not pass user input to the `name` parameter, use auto-generated filenames only, and implement strict input validation if `name` must be used.
Attack Parameters
Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Privileges Required
None
Права не нужны
User Interaction
None
Не нужно действие пользователя
Impact Assessment
Confidentiality
High
Полная утечка данных
Integrity
High
Полная модификация данных
Availability
High
Полный отказ в обслуживании
CVSS Vector v3.1
Weakness Type (CWE)
References 3
https://github.com/jugmac00/flask-reuploaded/commit/d64c6b2f71cb73734fc38baa0e3…
security-advisories@github.com
https://github.com/jugmac00/flask-reuploaded/pull/180
security-advisories@github.com
https://github.com/jugmac00/flask-reuploaded/security/advisories/GHSA-65mp-fq8v…
security-advisories@github.com