nweb icon indicating copy to clipboard operation
nweb copied to clipboard

Published 20 hours ago verified publisher icon ankushagarwal

Fix (arbitrary) File Read

Open qtc-de opened this issue 1 year ago • 0 comments

Hi @ankushagarwal :wave:,

private vulnerability reporting is unfortunately deactivated for this project, but the vulnerability was already disclosed in #1 anyway. In the current implementation, clients can simply provide absolute paths to escape from the intended webroot. However, I do not recommend merging #1 because:

  1. The fix suggested in this PR can be bypassed
  2. It adds a bypass for the allowed filetype list

Instead a different fix should be implemented.

I know, this repository is quite old and seems no longer to be maintained. However, the tool is quite popular and I saw it being used by a production system recently. Therefore, you should go ahead and reserve a CVE for this issue. If there is no reaction, after some time, I will go ahead an claim a CVE for this issue. Hope this is okay for you :)

Best regards Tobias

qtc-de avatar Dec 13 '23 14:12 qtc-de