CVE-2022-24900 Scanner
CVE-2022-24900 scanner - Path Traversal vulnerability in Piano LED Visualizer
Short Info
- Level: High
- Scan type: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 4 weeks
- Scan only one: URL
- Toolbox: -
Piano LED Visualizer is an open-source program that lights an LED strip in time with the notes played on a piano connected to the computer running it, so each key press gets a visual counterpart. It is aimed at amateur and professional players alike who want a more immersive, visually engaging playing experience, and it ships with a web interface for controlling the visualizer.
That web interface is affected by a path traversal vulnerability tracked as CVE-2022-24900 (GitHub advisory GHSA-g78x-q3x8-r6m4), which affects versions 1.3 and earlier. Untrusted request input reaches an `os.path.join` call whose result is handed to `flask.send_file`. Because `os.path.join` neither strips `..` components nor keeps the intended base directory when the second argument is an absolute path, a crafted value can select a file outside the directory the application means to serve, and `send_file` then returns it to the requester.
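The `os.path.join`-into-`send_file` pattern described above, shown as an added example that is neither the project's code nor taken from the advisory: `naive_join` reproduces the unsafe shape, `safe_join` is one standard hardening (reject absolute input, resolve symlinks, require the result to stay under the base directory), and `demo()` runs constructed request values through both resolvers inside a throw-away directory. The directory prefixes, the `demo.mid` file, the `link` symlink and every request value are assumptions made for the demonstration; the real endpoint and parameter names are not shown on this page.

```python
import os
import shutil
import tempfile
from typing import Dict, Optional


def naive_join(base_dir: str, user_path: str) -> str:
    """The pattern the advisory describes: attacker-controlled input is joined
    onto the directory the app means to serve from and the result is handed
    straight to a file-serving call such as flask.send_file.

    os.path.join gives the attacker two ways out:
      * ".." components walk above base_dir once the path is normalised, and
      * an absolute second argument makes os.path.join discard base_dir entirely.
    """
    return os.path.normpath(os.path.join(base_dir, user_path))


def safe_join(base_dir: str, user_path: str) -> Optional[str]:
    """Resolve user_path inside base_dir; return None if it would escape.

    Both sides go through realpath() so a symlink inside base_dir cannot point
    the check at a location outside it, and commonpath() compares whole
    components, so "/srv/songs-old" is not mistaken for a child of "/srv/songs".
    """
    if os.path.isabs(user_path) or "\x00" in user_path:
        return None
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


def escapes(base_dir: str, path: str) -> bool:
    """True if `path`, after symlink resolution, lies outside base_dir."""
    base_real = os.path.realpath(base_dir)
    return os.path.commonpath([base_real, os.path.realpath(path)]) != base_real


def demo() -> Dict[str, Dict[str, object]]:
    """Create a throw-away 'songs' directory (hypothetical layout) holding one
    legitimate file and a symlink pointing outside it, then run constructed
    request values through both resolvers. For each input the result records
    what the naive code would serve, whether that lands outside the directory,
    and what safe_join allows (None means the request is refused).
    """
    base = tempfile.mkdtemp(prefix="visualizer-songs-")
    outside = tempfile.mkdtemp(prefix="visualizer-outside-")
    with open(os.path.join(base, "demo.mid"), "wb") as fh:
        fh.write(b"MThd")  # constructed placeholder, not a real MIDI file
    try:
        os.symlink(outside, os.path.join(base, "link"))
    except OSError:
        pass  # symlinks unavailable (e.g. unprivileged Windows); that case is skipped

    requests = [
        "demo.mid",            # legitimate file inside the served directory
        "sub/../demo.mid",     # normalises to a legitimate path, still inside
        "../../etc/passwd",    # classic dot-dot traversal
        "/etc/passwd",         # absolute path: os.path.join drops base entirely
        "link/secret.txt",     # symlink inside base that points outside it
    ]
    results: Dict[str, Dict[str, object]] = {}
    try:
        for req in requests:
            naive = naive_join(base, req)
            results[req] = {
                "naive": naive,
                "naive_escapes": escapes(base, naive),
                "safe": safe_join(base, req),
            }
    finally:
        shutil.rmtree(base, ignore_errors=True)
        shutil.rmtree(outside, ignore_errors=True)
    return results


if __name__ == "__main__":
    for req, r in demo().items():
        print(f"{req!r:20} naive -> {r['naive']}  escapes={r['naive_escapes']}  safe -> {r['safe']}")
```

In a Flask application the same containment is what `flask.send_from_directory` (built on `werkzeug.utils.safe_join`) provides, and replacing a `send_file(os.path.join(base, user_value))` call with it is the usual fix; the page does not describe what the referenced fix commit changes, so treat that as the general remedy rather than a description of the project's patch.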
A successful request returns the contents of any file that the web-interface process is allowed to read, so an attacker who can reach the interface over the network can retrieve configuration, credentials and other sensitive data stored on the host without authenticating to it first. The primitive is a file read through `send_file`: it does not by itself let the attacker write files or run code, but the disclosed material can be enough to compromise the host or other systems the user accesses from it.
Users of Piano LED Visualizer 1.3 or earlier should update to a build that contains the fix commit referenced below and should avoid exposing the web interface to untrusted networks. With the pro features of the s4e.io platform, users can quickly learn about vulnerabilities like this one in their digital assets and verify that the fix has been applied.
REFERENCES
- https://github.com/onlaj/Piano-LED-Visualizer/blob/6a732caa812c83a807c711f3d091af99209cae7b/webinterface/views_api.py#L970
- https://github.com/onlaj/Piano-LED-Visualizer/commit/3f10602323cd8184e1c69a76b815655597bf0ee5
- https://github.com/onlaj/Piano-LED-Visualizer/issues/350
- https://github.com/onlaj/Piano-LED-Visualizer/pull/351
- https://github.com/onlaj/Piano-LED-Visualizer/security/advisories/GHSA-g78x-q3x8-r6m4