Homepage

assemblyline-service-client@4.6.1.dev53 vulnerabilities

Assemblyline 4 - Service client

  • latest version

    4.6.1.dev145

  • latest non vulnerable version

    4.6.1.dev145

  • first published

    6 years ago

  • latest version published

    5 days ago

  • licenses detected

  • View assemblyline-service-client package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the assemblyline-service-client package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Relative Path Traversal

    assemblyline-service-client is an Assemblyline 4 - Service client

    Affected versions of this package are vulnerable to Relative Path Traversal via the download_file function in the task_handler.py. An attacker can overwrite arbitrary files, corrupt system files, or potentially execute code by supplying a crafted SHA-256 value that includes path traversal sequences, causing the client to write files to unintended locations on disk.

    How to fix Relative Path Traversal?

    Upgrade assemblyline-service-client to version 4.6.1.dev138 or higher.

    [,4.6.1.dev138)
    Go back to all versions of this package