Ail Framework
CVE-2020-8545
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Global.py in AIL framework 2.8 allows path traversal.
AnalysisAI
Global.py in AIL framework 2.8 allows path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Affected products include: Circl Ail Framework.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Ail Framework
View allStored cross-site scripting in AIL Framework <6.8 allows authenticated high-privilege attackers to inject malicious Java
Authenticated path traversal in AIL Framework (CIRCL's Analysis Information Leak threat-intel platform) lets a low-privi
Path traversal in AIL Framework's PDF object handling lets an authenticated user read files outside the intended PDF sto
Path traversal in AIL Framework's `/objects/item/diff` endpoint exposes gzip-compressed server-side files to authenticat
Unlimited OTP brute-force against AIL Framework's two-factor authentication endpoint allows an attacker who already poss
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today