Vulnerability CVE-2023-35844


Published: 2023-06-19

Description:
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

 References:
https://github.com/lightdash/lightdash/compare/0.510.2...0.510.3
https://github.com/lightdash/lightdash/commit/fcc808c84c2cc3afb343063e32a49440d32a553c
https://github.com/lightdash/lightdash/pull/5090
https://advisory.dw1.io/59

Copyright 2026, cxsecurity.com

 

Back to Top