Description
Path traversal in the preview-docs command when the working directory contains files with a question mark (?) in their names.
Impact
The preview-docs command allows path traversal if the current working directory contains files with a question mark (?) in their names and the attacker knows the name.
Patches
The issue is patched in 1.0.0-beta.59 and later.
Workarounds
Do not run the openapi-cli preview-docs command in a folder that contains files with a question mark (?) in their names.
References
https://github.com/Redocly/openapi-cli/pull/347
For more information
If you have any questions or comments about this advisory:
- Open an issue in @redocly/openapi-cli
- Email us at security@redocly.com
Packages
Name: @redocly/openapi-cli (npm)
Affected versions: <= 1.0.0-beta.58
Fixed version: 1.0.0-beta.59