@saltcorn/server arbitrary file zip read and download when downloading auto backups
- Severity: Medium
Description
A user with admin permission can read and download arbitrary zip files when downloading auto backups. The file name used to identify the zip file is not properly sanitized before it is passed to the Express res.download API, so a name that points outside the backup directory is served as if it were a backup.
Recommendation
Update the @saltcorn/server package to the latest compatible version. The following are the version details:
- Affected version(s): <= 1.0.0-beta.13
- Patched version(s): 1.0.0-beta.14
References
Related Issues
- Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE - Vulnerability
- snowflake-sdk may incorrectly validate temporary credential cache file permissions - CVE-2025-24791
- @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled - CVE-2024-51753
- Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability - CVE-2024-47818
- Tags: npm, @saltcorn/server
Last updated on October 04, 2024