github / securitylab

Resources related to GitHub Security Lab
https://securitylab.github.com
MIT License

[Java]: additional path injection sinks #831

Open am0o0 opened 3 weeks ago

am0o0 commented 3 weeks ago

Query PR

https://github.com/github/codeql/pull/16708

Language

Java

CVE(s) ID list

CVE-2024-1961

CWE

CWE-022

Report

I added popular AWS S3 methods which directly accept a Path or File or String as a file path to upload or download these files from the local system. Also, I added more Spring core path injection sinks, and finally, I added zip4j path injection sinks.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

Blog post link

No response

p- commented 1 week ago

Hey @am0o0, congrats on the finding. But the sink in the finding is not directly related to this submission, right?

am0o0 commented 1 week ago

Hi @p-, I'm sorry about this. I mistakenly pointed to my report. The report that contains the new sink is this one: https://huntr.com/bounties/644ab868-db6d-4685-ab35-1a897632d2ca and the sink is here: https://github.com/VertaAI/modeldb/blob/1833ba889859a0e35f22f754ecf20b6b352aa87f/backend/common/src/main/java/ai/verta/modeldb/common/artifactStore/storageservice/nfs/NFSService.java#L134

ghsecuritylab commented 1 week ago

Your submission is now in status Test run.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

ghsecuritylab commented 2 days ago

Your submission is now in status Results analysis.
