Headline
CVE-2023-39141: webui-aria2 CVE-2023-39141
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
CVE-2023-39141 is reserved for this vulnerability
Project link:
https://github.com/ziahamza/webui-aria2/
Vulnerability type:
Path traversal
Root cause: This line https://github.com/ziahamza/webui-aria2/blob/109903f0e2774cf948698cd95a01f77f33d7dd2c/node-server.js#L10 accepts file name from URL input, without sanitizing it to be in the same directory.
PoC:
When `node-server.js` is used, an attacker can simply request files outside the serving path
`curl --path-as-is http://localhost:8888/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/etc/passwd`
Root cause: Attacker may read any file that the www user can read.
Vulnerable versions:
Right now all versions even latest commit “109903f0e2774cf948698cd95a01f77f33d7dd2c” are vulnerable.