EUVD-2026-28802
GHSA-3rf6-x59v-5jfv
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHandler.get_temp_root(), BaseHttpRequestHandler._post() components
AnalysisAI
Remote code execution in dash-uploader (Python package for Plotly Dash) versions 0.1.0 through 0.7.0a2 allows unauthenticated remote attackers to execute arbitrary code via directory traversal flaws in the HTTP request handler. The vulnerability affects temp_root path handling and POST request processing, enabling attackers to write files outside intended upload directories. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all internal systems and dependencies using dash-uploader via package managers and container scanning; disable or isolate affected Dash applications from production traffic if running versions 0.1.0-0.7.0a2. Within 7 days: Evaluate upgrade path to dash-uploader versions above 0.7.0a2 (verify latest stable release); test in pre-production environment for compatibility. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today