@saltcorn/server arbitrary file zip read and download when downloading auto backups
- Severity:
- Medium
Description
A user with admin permission can read and download arbitrary zip files when downloading auto backups. The file name used to identify the zip file is not properly sanitized when passed to res.download API.
Recommendation
Update the @saltcorn/server package to the latest compatible version. Followings are version details:
- Affected version(s): <= 1.0.0-beta.13
- Patched version(s): 1.0.0-beta.14
References
Related Issues
- @saltcorn/server arbitrary file and directory listing when accessing build mobile app results - Vulnerability
- Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability - CVE-2024-47818
- Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read - CVE-2026-40163
- @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defst - Vulnerability
You might also like:
- Tags:
- npm
- @saltcorn/server
Anything's wrong? Let us know Last updated on October 04, 2024


