Closed ParisNeo closed 4 months ago
A crucial update has been made to enhance the security of the xtts_api_server by fortifying the `get_sample` endpoint. This measure effectively blocks path traversal attacks by rejecting any file name requests that include the potentially malicious ".." sequence, ensuring users cannot access unauthorized files.
| File Path | Change Summary |
|---|---|
| .../server.py | Added a security check to prevent path traversal in the `get_sample` endpoint. |
🐇✨
In the code's burrow, deep and vast,
A tiny change was made, not fast.
To keep the danger far at bay,
".." in paths, we say "nay".
Safe and sound beneath the moon,
Our server hums a safer tune.
🌟🐾
Hi, I'm still just learning so thanks for your PR, I'll be aware :)
Don't worry. We are all learning :)
Hi, I have spotted a path traversal vulnerability in the XTTS server that allows an attacker to access any file on the host. I have added the following to the endpoint to forbid the recovery of files outside the served folder.
Summary by CodeRabbit
`get_sample` endpoint to prevent path traversal attacks.
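The check described in the PR description and in the CodeRabbit summary above, as an added Python example. This is not the project's own `server.py` (the page does not show that code); the sample folder `/srv/xtts/speakers`, the function names and the sample file names are constructed for illustration. `reject_dotdot` is the ".." rejection the PR describes; `resolve_within` goes beyond it to the general containment check a file-serving endpoint wants: resolve the requested name against the served folder and require that the result still lies inside it, which also covers absolute names and, for files that exist on disk, symlinks pointing outside the folder.

```python
import os
from pathlib import Path

# Constructed sample-folder location (assumption; the real server's
# speaker folder is not named on the page).
SAMPLES_DIR = Path("/srv/xtts/speakers")


class UnsafePath(ValueError):
    """Raised when a requested file name would escape the served folder."""


def reject_dotdot(file_name: str) -> str:
    """The check the PR describes: refuse any name containing '..'.

    Returns the name unchanged when it passes, raises UnsafePath otherwise.
    """
    if ".." in file_name:
        raise UnsafePath(f"refusing file name containing '..': {file_name!r}")
    return file_name


def resolve_within(base: Path, file_name: str) -> Path:
    """Containment check: join the name onto `base`, resolve it, and require
    that the result is a path strictly inside `base`.

    pathlib replaces `base` entirely when `file_name` is absolute, and
    resolve() collapses '..' segments and follows symlinks of existing
    components, so anything that ends up outside `base` is rejected here.
    """
    base_resolved = base.resolve()
    candidate = (base_resolved / file_name).resolve()
    try:
        candidate.relative_to(base_resolved)
    except ValueError:
        raise UnsafePath(f"{file_name!r} resolves outside {base_resolved}") from None
    if candidate == base_resolved:
        # '' or '.' resolve to the folder itself, which is not a sample file.
        raise UnsafePath(f"{file_name!r} names the folder, not a file")
    return candidate


def sample_path(file_name: str, base: Path = SAMPLES_DIR) -> Path:
    """What a hardened get_sample handler would call before opening a file:
    the PR's '..' rejection first, then the containment check."""
    return resolve_within(base, reject_dotdot(file_name))


if __name__ == "__main__":
    # Constructed requests: one legitimate, two that must be refused.
    for name in ("bob.wav", "../../../etc/passwd", "/etc/passwd"):
        try:
            print(f"{name!r:>22} -> allowed: {sample_path(name)}")
        except UnsafePath as exc:
            print(f"{name!r:>22} -> rejected: {exc}")
```

Note that `reject_dotdot` alone accepts the absolute name `/etc/passwd`, since it contains no `..`; `resolve_within` is what refuses it. Whether the project's `server.py` handles absolute names separately is not shown on the page, which is why the example layers both checks.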