CVE-2023-35844

Published June 19th, 2023

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

lightdash/lightdash

Agentic BI. Analytics at the speed of code ⚡️

GitHub

5.92K