What the vulnerability does
01Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal.This issue affects Aviation Weather from NOAA: from n/a through <= 0.7.2.
Explanation of Vulnerability in Simple Terms
02Summary
Aviation Weather from NOAA versions 0.7.2 and earlier contain a path traversal vulnerability that allows authenticated users to cause a denial of service by manipulating file paths. An attacker with low-level access can disrupt service availability. The vulnerability requires network access and valid credentials but no user interaction.
What an attacker can do
03Attacker Capabilities
Disrupt the application's availability by traversing file paths to access or manipulate system resources.
Potential impact on your site
04Site Impact
Authenticated users can crash or degrade the application, affecting availability for legitimate users.
Conditions required to exploit
05Prerequisites
Attacker must have low-level user credentials and network access to the application.
Key dates
06Disclosure timeline
July 4, 2025
CVE published
April 28, 2026
Record updated