Summary
BBOT: Arbitrary File Write in postman_download Module
References
Related vulnerabilities
All Supply chain →- HIGHGHSA-F44V-7QGW-9GH9
PraisonAI GitHub template cache path traversal allows outside-cache file write and directory deletion
- CRITICALGHSA-2JQ4-Q6VV-4CP3
Crawl4AI: Arbitrary file write (path traversal) in crawler downloads can lead to RCE
- MEDIUMGHSA-HGW6-8C77-V4GQ
Armeria: External Control of File Name or Path in xDS SDS DataSource
- CRITICALGHSA-HXPF-9XVQ-WPH8
netlicensing-mcp: REST Path Traversal Bypasses Token Redaction
- MEDIUMGHSA-FJV8-J4P5-CR9M
Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
- MEDIUMGHSA-X5MV-8WGW-29HG
tract-nnef: integer overflow in NNEF `.dat` tensor parser yields an out-of-bounds read on model load