The patch file for CVE-2021-21234 still has a vulnerability, which is a partial path traversal vulnerability.
In commit 1c76e1e, the securityCheck function uses canonicalLoggingPath.startsWith(baseCanonicalPath) to check for path traversal vulnerabilities. But it still allows a malicious actor to potentially break out of the expected directory. The impact is limited to sibling directories. For example, userControlled.getCanonicalPath().startsWith("/usr/out") will allow an attacker to access a directory with a name like /usr/outnot.
Comparing paths with the java.nio.files.Path#startsWith will adequately protect against this vulnerability.
For example: file.getCanonicalFile().toPath().startsWith(BASE_DIRECTORY) or file.getCanonicalFile().toPath().startsWith(BASE_DIRECTORY_FILE.getCanonicalFile().toPath())
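A worked illustration of the difference the report describes, added here as example code (not the project's own securityCheck): the String prefix check accepts a sibling directory that merely shares a prefix, while the per-segment java.nio.file.Path comparison rejects it. It also goes one step beyond the report by showing why canonicalization still has to happen before the Path comparison. The base directory /usr/out is the hypothetical one from the report, and a POSIX path layout is assumed.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class PathCheckDemo {
    // Vulnerable form from the report: a character-wise String prefix check
    // on canonical paths. "/usr/outnot/..." starts with "/usr/out" as a string.
    static boolean stringPrefixCheck(File base, File candidate) throws IOException {
        String baseCanonical = base.getCanonicalPath();
        String candidateCanonical = candidate.getCanonicalPath();
        return candidateCanonical.startsWith(baseCanonical);
    }

    // Hardened form recommended in the report: canonicalize first, then compare
    // as Path objects so the match is per name element, not per character.
    static boolean pathPrefixCheck(File base, File candidate) throws IOException {
        Path basePath = base.getCanonicalFile().toPath();
        Path candidatePath = candidate.getCanonicalFile().toPath();
        return candidatePath.startsWith(basePath);
    }

    // Incomplete variant: Path.startsWith without canonicalization compares the
    // path lexically, so a ".." segment still passes. Shown only to make the point
    // that both steps (canonicalize, then compare as Path) are needed.
    static boolean lexicalPathCheck(String base, String candidate) {
        return Paths.get(candidate).startsWith(Paths.get(base));
    }

    public static void main(String[] args) throws IOException {
        File base = new File("/usr/out");                  // hypothetical base directory
        File inside = new File("/usr/out/app.log");        // constructed: legitimate file
        File sibling = new File("/usr/outnot/app.log");    // constructed: sibling with shared prefix

        System.out.println("String check, inside : " + stringPrefixCheck(base, inside));
        System.out.println("String check, sibling: " + stringPrefixCheck(base, sibling));
        System.out.println("Path check,   inside : " + pathPrefixCheck(base, inside));
        System.out.println("Path check,   sibling: " + pathPrefixCheck(base, sibling));

        // Lexical comparison lets a dot-dot segment through; canonicalizing first does not.
        String dotDot = "/usr/out/../outnot/app.log";      // constructed
        System.out.println("Lexical Path check, dot-dot: " + lexicalPathCheck("/usr/out", dotDot));
        System.out.println("Canonical Path check, dot-dot: "
                + pathPrefixCheck(base, new File(dotDot)));
    }
}
```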