@saltcorn/server arbitrary file zip read and download when downloading auto backups
Severity:
- Medium
Description
A user with admin permission can read and download arbitrary zip files when downloading auto backups. The file name used to identify the zip file is not properly sanitized before it is passed to the res.download API, so a name that is not confined to the backup directory is served as-is.
Recommendation
Update the @saltcorn/server package to the latest compatible version. Version details:
- Affected version(s): <= 1.0.0-beta.13
- Patched version(s): 1.0.0-beta.14
References
Related Issues
- @saltcorn/server arbitrary file and directory listing when accessing build mobile app results - Vulnerability
- Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability - CVE-2024-47818
- parse-server crashes when receiving file download request with invalid byte range - CVE-2022-39313
- Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page - Vulnerability
Tags:
- npm
- @saltcorn/server
Last updated on October 04, 2024