Lif Auth Server vulnerable to uncontrolled data in path expression

Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

对路径名的限制不恰当(路径遍历)

Lif Authentication Server 安全漏洞

Lif Authentication Server是Lif Platforms开源的一个用于验证 Lif 帐户登录、管理信息和帐户恢复的服务器。 Lif Authentication Server 1.4.0之前版本存在安全漏洞，该漏洞源于没有检查身份验证服务器通过URL接收的文件是否正确，可能允许攻击者访问他们不应访问的文件。

N/A

N/A