Open JafarAkhondali opened 2 years ago
Due to no response: CVE-2023-39141 has been reserved for this vulnerability.
Vulnerability type: Path traversal
Root cause: This line https://github.com/ziahamza/webui-aria2/blob/109903f0e2774cf948698cd95a01f77f33d7dd2c/node-server.js#L10 accepts a file name from URL input, without sanitizing it to be in the same directory.
PoC:
When node-server.js is used, an attacker can simply request files outside the serving path:
curl --path-as-is http://localhost:8888/../../../../../../../../../../../../../../../../../../../../etc/passwd
Root cause: Attacker may read any file that the www user can read.
Vulnerable versions: Right now all versions, even the latest commit "109903f0e2774cf948698cd95a01f77f33d7dd2c", are vulnerable.
Hi, I've found a high severity security issue in this project.
Please draft a security issue here: https://github.com/ziahamza/webui-aria2/security/advisories/new (I don't have permission) and add me as a collaborator, so I can fill in details and even help in patching it.
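
A containment check of the kind the report says is missing, shown next to an unchecked join of the URL path onto the serving directory. This is an added example, not code from webui-aria2 or from the reporter; `naiveResolve`, `safeResolve` and the `/srv/www` root are hypothetical names chosen for illustration.

```javascript
// Added example, not the project's code. All names and sample paths are constructed.
const path = require("path");

// Unchecked mapping: the URL path is joined onto the serving directory as-is,
// so "../" segments walk out of it.
function naiveResolve(root, urlPath) {
  return path.join(root, urlPath);
}

// Checked mapping: decode, resolve against the root, then require that the
// result is still inside the root. Returns null when the request must be refused.
function safeResolve(root, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath); // also covers %2e%2e%2f encodings
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes("\0")) return null; // NUL bytes never belong in a file path

  const base = path.resolve(root);
  // Prefix with "." so a leading "/" in the URL cannot reset the resolution to "/".
  const target = path.resolve(base, "." + path.sep + decoded);

  // path.relative() yields ".." or "../..." exactly when target lies outside base.
  const rel = path.relative(base, target);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return target;
}

// Constructed sample requests against a constructed root.
const ROOT = "/srv/www";
for (const p of ["/index.html", "/../../etc/passwd", "/%2e%2e/%2e%2e/etc/passwd"]) {
  console.log(p, "->", naiveResolve(ROOT, p), "|", safeResolve(ROOT, p));
}
```

The check is lexical only: if the served directory can contain symlinks, compare `fs.realpathSync` of the target against the real path of the root before opening the file.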