Insecure File Endpoints in Lightdash Before 0.510.3

Insecure File Endpoints in Lightdash Before 0.510.3

CVE-2023-35844 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

Learn more about our Web Application Penetration Testing UK.