webp-sh / webp_server_go

Go version of WebP Server. A tool that will serve your JPG/PNG/BMP/SVGs as WebP/AVIF format with compression, on-the-fly.
https://docs.webp.sh
GNU General Public License v3.0
1.79k stars 173 forks

Fix Malformed dir traversal #331

Closed BennyThink closed 4 months ago

BennyThink commented 4 months ago

A simple check before serving the request

Use BurpSuite repeater to reproduce the issue.

github-actions[bot] commented 4 months ago

ghcr.io/webp-sh/webp_server_go (debian 12.5)
============================================
Total: 0 (HIGH: 0, CRITICAL: 0)