@saltcorn/server arbitrary file zip read and download when downloading auto backups
Severity: Medium
Description
A user with admin permission can read and download arbitrary zip files when downloading auto backups, because the file name used to identify the zip file is not properly sanitized before it is passed to the res.download API.
Recommendation
Update the @saltcorn/server package to the latest compatible version. Version details:
- Affected version(s): <= 1.0.0-beta.13
- Patched version(s): 1.0.0-beta.14
Tags: npm, @saltcorn/server
Last updated on October 04, 2024