mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-11-24 20:02:35 +01:00
7224fbcc89
- Files within the storage/ path could be accessed via path traversal
references in content, accessed upon HTML export.
- This addresses this via two layers:
- Scoped local flysystem filesystems down to the specific image &
file folders since flysystem has built-in checking against the
escaping of the root folder.
- Added path normalization before enforcement of uploads/{images,file}
prefix to prevent traversal at a path level.
Thanks to @Haxatron via huntr.dev for discovery and reporting.
Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/
|
||
|---|---|---|
| .. | ||
| api.php | ||
| app.php | ||
| auth.php | ||
| broadcasting.php | ||
| cache.php | ||
| database.php | ||
| debugbar.php | ||
| dompdf.php | ||
| filesystems.php | ||
| hashing.php | ||
| logging.php | ||
| mail.php | ||
| queue.php | ||
| saml2.php | ||
| services.php | ||
| session.php | ||
| setting-defaults.php | ||
| snappy.php | ||
| view.php | ||