Vulnerability	Vulnerable Version
H Directory Traversal gapless-crypto-data is a Cryptocurrency OHLCV data collection with gap-free guarantee. Retrieves microstructure-enriched kline data from Binance Public Data Repository with automatic gap detection and filling. Affected versions of this package are vulnerable to Directory Traversal due to insufficient validation of the `symbol` parameter in the `BinancePublicDataCollector` class. The data collection routines concatenate the user-supplied `symbol` value directly into filesystem paths without sanitizing directory-traversal sequences. An attacker can exploit this by supplying crafted `symbol` values containing traversal patterns to read arbitrary files, write data outside the intended directory, or overwrite critical files, potentially leading to information disclosure, data corruption, or full system compromise. How to fix Directory Traversal? Upgrade `gapless-crypto-data` to version 2.16.0 or higher.	[,2.16.0)

Directory Traversal

gapless-crypto-data is a Cryptocurrency OHLCV data collection with gap-free guarantee. Retrieves microstructure-enriched kline data from Binance Public Data Repository with automatic gap detection and filling.

Affected versions of this package are vulnerable to Directory Traversal due to insufficient validation of the symbol parameter in the BinancePublicDataCollector class. The data collection routines concatenate the user-supplied symbol value directly into filesystem paths without sanitizing directory-traversal sequences. An attacker can exploit this by supplying crafted symbol values containing traversal patterns to read arbitrary files, write data outside the intended directory, or overwrite critical files, potentially leading to information disclosure, data corruption, or full system compromise.

How to fix Directory Traversal?

Upgrade gapless-crypto-data to version 2.16.0 or higher.

[,2.16.0)

Go back to all versions of this package