GHSA-f3pc-ww42-cwqpHighCVSS 9.1
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM...
🔗 CVE IDs covered (1)
📋 Description
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths.