MidnightBSD

Advisories for lightdash

CVE-2023-35844

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

Products Affected

Vendor Product Version
lightdash lightdash *