CVE-2023-35844: Comparing 0.510.2...0.510.3 · lightdash/lightdash

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow … directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

base repository: lightdash/lightdash base: 0.510.2

head repository: lightdash/lightdash compare: 0.510.3

  • 3 commits
  • 15 files changed
  • 3 contributors

Commits on Apr 14, 2023

  1. style: improve visuals by changing icons to tabler icons in dashboard and chart (#5071)

    * fix(client): update icons to tabler icons in chart

    * fix(client): update icons to tabler icons in dashboard

    * fix(client): update series search icon with telescope icon

    * fix(client): update icon button padding to reduce the button size

    lokeswaran-aj committed

    Apr 14, 2023

    bc1e3eb

  2. fix: add extra security to file endpoints (#5090)

    rephus committed

    Apr 14, 2023

    fcc808c

  3. chore(release): 0.510.3 [skip ci]

    ## [0.510.3](0.510.2…0.510.3) (2023-04-14)

    Bug Fixes

    * add extra security to file endpoints ([#5090](#5090)) ([fcc808c](fcc808c))

    semantic-release-bot committed

    Apr 14, 2023

    17bbbe6
