Описание
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory memfs filesystem. If writeToDisk configuration option is set to true, the physical filesystem is used. The getFilenameFromUrl method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the unsecaped path suffix is appended to the outputPath. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use %2e and %2f sequences to perform path traversal attack.
Developers using webpack-dev-server or webpack-dev-middleware are affected by the issue. When the project is started, an attacker might acces
Ссылки
- Patch
- Patch
- Patch
- Patch
- Patch
- ProductRelease Notes
- ProductRelease Notes
- ProductRelease Notes
- ExploitVendor Advisory
- Patch
- Patch
- Patch
- Patch
- Patch
- ProductRelease Notes
- ProductRelease Notes
- ProductRelease Notes
- ExploitVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.4 High
CVSS3
7.5 High
CVSS3
Дефекты
Связанные уязвимости
Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack. Developers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might acc...
Уязвимость промежуточного программного обеспечения для фреймфорка Express Webpack-dev-middleware, связана с недостаточной проверкой URL-адреса, позволяющая получить несанкционированный доступ к защищаемой информации
EPSS
7.4 High
CVSS3
7.5 High
CVSS3