CVE-2022-31506: SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely
9.3
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
opendiamond | pip | <= 10.1.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from using os.path.join() with untrusted input to construct filesystem paths that are then passed to Flask's send_file. The commit that patches the issue systematically replaces os.path.join() with werkzeug.security.safe_join across multiple files, which indicates that each of those call sites was a vulnerable path-construction point. Each identified function takes a user-controllable path component (obj_path, rel_path) and builds an absolute path from it without proper validation, so an attacker can escape the restricted directory with an absolute path or with directory traversal sequences. The high confidence rests on three observations: (1) the security fix explicitly replaces os.path.join; (2) these functions connect directly to send_file usage; and (3) the pattern matches CWE-22 (path traversal).
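The join behaviour described above, as an added example that is not opendiamond's or Werkzeug's code: it contrasts the pre-fix os.path.join pattern with a containment check. The base directory, the sample inputs and the helper names (unsafe_join, is_inside, contained_join, audit) are assumptions made for illustration, and the check is purely lexical (POSIX paths, no symlink resolution).

```python
import posixpath

BASE = "/srv/dataroot"  # constructed base directory, not taken from the advisory


def unsafe_join(base, rel_path):
    """Pre-fix pattern: untrusted rel_path joined directly onto base."""
    return posixpath.normpath(posixpath.join(base, rel_path))


def is_inside(base, path):
    """True only if path is base itself or below it, compared per component."""
    base = posixpath.normpath(base)
    return posixpath.commonpath([base, path]) == base


def contained_join(base, rel_path):
    """Hypothetical stand-in for a safe join: None when the result escapes base."""
    if "\x00" in rel_path:
        return None
    candidate = unsafe_join(base, rel_path)
    return candidate if is_inside(base, candidate) else None


# Constructed request values covering the cases named in the analysis
SAMPLES = [
    "images/cat.jpg",           # benign
    "a/../images/cat.jpg",      # benign: the dot-dot stays inside base
    "../../etc/passwd",         # directory traversal sequence
    "/etc/passwd",              # absolute path: join() discards base entirely
    "../dataroot-backup/x.db",  # sibling directory sharing base's string prefix
]


def audit(samples, base=BASE):
    """Return (input, unsafe result, contained result) for each sample."""
    return [(s, unsafe_join(base, s), contained_join(base, s)) for s in samples]


if __name__ == "__main__":
    for raw, unsafe, safe in audit(SAMPLES):
        print(f"{raw!r:28} unsafe={unsafe!r:32} contained={safe!r}")
```

The last sample is why the check compares path components rather than using a string prefix test: the unsafe result still starts with the base directory's name but lies outside it.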