OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
f559ed42f5dd1f2362c61ce4c10d3a47d2da4bd2
advisory-db/crates/warp/RUSTSEC-2022-0082.md
github-actions[bot] bc462d09cd Assigned RUSTSEC-2022-0082 to warp (#1545) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2023-01-29 10:46:17 +11:00

744 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2022-0082"
package = "warp"
date = "2022-01-14"
url = "https://github.com/seanmonstar/warp/issues/937"
categories = ["file-disclosure"]
keywords = ["directory traversal", "http"]

[affected]
os = ["windows"]

[versions]
patched = [">= 0.3.3"]

Improper validation of Windows paths could lead to directory traversal attack

Path resolution in warp::filters::fs::dir didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem.

This only impacts Windows. Linux and other unix likes are not impacted by this.