Note: This list may be incomplete. Data is provided without warranty in its original format.
5.4
CVE-2024-6585
- EPSS 0.19%
- Published 30.08.2024 23:15:12
- Last modified 03.09.2024 15:35:16
Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allow remote authenticated threat actors to inject malicious scripts into vulnerable web pages. ...
7.3
CVE-2024-6586
- EPSS 20%
- Published 30.08.2024 23:15:12
- Last modified 03.09.2024 15:35:16
Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF reque...
7.5
CVE-2023-35844
- EPSS 92.34%
- Published 19.06.2023 02:15:08
- Last modified 12.12.2024 01:24:19
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.