CVE-2020-36629: Security Fix for Path Traversal - huntr.dev by huntr-helper · Pull Request #36 · SimbCo/httpster

A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748.


https://huntr.dev/users/Mik317 has fixed the Path Traversal vulnerability 🔨. Mik317 has been awarded $25 for fixing the vulnerability through the huntr bug bounty program 💵. Think you could fix a vulnerability like this?

Get involved at https://huntr.dev/

Q | A
Version Affected | ALL
Bug Fix | YES
Original Pull Request | 418sec#1
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/httpster/1/README.md

User Comments:

📊 Metadata *

Bounty URL: https://www.huntr.dev/bounties/1-npm-httpster

⚙️ Description *

The httpster file server was vulnerable to a path traversal issue which existed because symlinks were fetched and their content served without any warning or error.

💻 Technical Description *

I inserted a new router inside the express server which was created by httpster and used fs.lstat to check whether the requested file is a symlink or not.
If it is and the --symlink flag isn’t specified by the server (default false, as in other servers like Nginx), an error is thrown.

🐛 Proof of Concept (PoC) *

  1. Download httpster
  2. ln -s /etc/passwd test
  3. httpster
  4. Go to http://localhost:3333/test and the content of the /etc/passwd file is shown

🔥 Proof of Fix (PoF) *

  1. Same steps as above, but an error is given instead of the content of the /etc/passwd file

  2. Same steps but start the server with httpster --symlink and the /etc/passwd file is shown (option)

👍 User Acceptance Testing (UAT)

All ok 😄
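
The symlink check described in the pull request, as an added example that is not the PR's or httpster's own code: `resolveServable`, `allowSymlinks` (standing in for the `--symlink` flag) and the temporary fixture are hypothetical. It goes one step beyond the described `fs.lstat` test, because `lstat` only inspects the last path component, by also comparing the resolved path against the web root so a symlinked parent directory is caught too.

```javascript
// Added example, not httpster's code. resolveServable and allowSymlinks are hypothetical names.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Decide whether an already URL-decoded request path may be served from `root`.
function resolveServable(root, requestPath, allowSymlinks = false) {
  const realRoot = fs.realpathSync(root);
  // Normalise against "/" so "../" segments cannot climb above the root.
  const relative = path.posix.normalize('/' + requestPath).slice(1);
  const candidate = path.join(realRoot, relative);
  let real;
  try {
    real = fs.realpathSync(candidate); // follows every symlink on the way
  } catch {
    return { ok: false, status: 404, reason: 'not found' };
  }
  if (!allowSymlinks) {
    // lstat does not follow the final component, so it sees the link itself.
    if (fs.lstatSync(candidate).isSymbolicLink()) {
      return { ok: false, status: 403, reason: 'symlink' };
    }
    // lstat still follows symlinked parent directories; compare resolved paths.
    if (real !== realRoot && !real.startsWith(realRoot + path.sep)) {
      return { ok: false, status: 403, reason: 'outside root' };
    }
  }
  return { ok: true, file: real };
}

// Constructed fixture: a web root with one regular file, one file symlink
// (like step 2 of the PoC) and one directory symlink, both pointing outside.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'symlink-demo-'));
  const root = path.join(base, 'public');
  fs.mkdirSync(root);
  fs.writeFileSync(path.join(base, 'secret.txt'), 'outside the web root');
  fs.writeFileSync(path.join(root, 'index.html'), '<h1>ok</h1>');
  fs.symlinkSync(path.join(base, 'secret.txt'), path.join(root, 'test'));
  fs.symlinkSync(base, path.join(root, 'dir'));
  const results = {
    regular: resolveServable(root, '/index.html'),
    fileLink: resolveServable(root, '/test'),
    dirLink: resolveServable(root, '/dir/secret.txt'),
    optIn: resolveServable(root, '/test', true),
    dotDot: resolveServable(root, '/../secret.txt'),
  };
  fs.rmSync(base, { recursive: true, force: true });
  return results;
}
```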
