What is CVE-2023-35844?

CVE-2023-35844 is a vulnerability in N/a. Published 2023-06-19.

Is CVE-2023-35844 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-35844

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

EPSS: 0.920 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Lserein/CVE-2023-35844
Szlein/CVE-2023-35844
izj007/wechat
nomi-sec/PoC-in-GitHub
rat857/AtomsPanic
whoami13apt/files2

References

advisory.dw1.io/59
github.com/lightdash/lightdash/commit/fcc808c84c2cc3afb343063e32a49440d32a553c
github.com/lightdash/lightdash/compare/0.510.2...0.510.3
github.com/lightdash/lightdash/pull/5090

Frequently asked questions

What is CVE-2023-35844?: CVE-2023-35844 is a vulnerability in N/a. Published 2023-06-19.
Is CVE-2023-35844 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.