Vulnerability Information
Vulnerability Title
Rails Active Storage has possible Path Traversal in DiskService
Vulnerability Description
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences (e.g. `../`) is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are expected to be trusted strings, but some applications could be passing user input as keys and would be affected. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.
CVSS Information
N/A
Vulnerability Type
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Vulnerability Title
Rails Path Traversal Vulnerability
Vulnerability Description
Rails is an open-source web application framework based on the Ruby language, developed by the US-based Rails team. Rails Active Storage versions prior to 8.1.2.1, prior to 8.0.4.1, and prior to 7.2.3.1 contain a path traversal vulnerability. The flaw stems from not verifying that the resolved filesystem path stays within the storage root directory, which may allow path traversal attacks.
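Both descriptions above come down to the same missing containment check. As an added example (not Rails' own DiskService code), the Ruby below contrasts the unchecked join with a resolver that confines every key to the storage root; the `SafeDiskService` class, its alphanumeric key format and the `/srv/blob_store_demo` root are assumptions made for illustration.

```ruby
# Added example: a minimal disk-backed blob path resolver (not Rails' own
# DiskService). It contrasts the unchecked join described in the advisory with
# a resolution that confines every key to the storage root.
class SafeDiskService
  class InvalidKey < StandardError; end

  # Assumption for this example: well-formed keys are plain alphanumeric
  # tokens, so anything containing separators or dots is rejected before I/O.
  KEY_FORMAT = /\A[A-Za-z0-9]+\z/

  def initialize(root)
    @root = File.expand_path(root)
  end

  # The flawed pattern: join the key onto the root without checking where the
  # result lands, so ".." segments in the key can climb out of @root.
  def unchecked_path_for(key)
    File.join(@root, key)
  end

  # Normalise "." and ".." and require the result to sit strictly inside the
  # root. Comparing against root + separator avoids the classic prefix bug
  # where "/srv/store2/x" would pass a bare start_with?("/srv/store").
  # (Symlinks are not resolved here; File.realpath would need an existing path.)
  def inside_root?(path)
    File.expand_path(path).start_with?(@root + File::SEPARATOR)
  end

  # Hardened resolution: allowlist the key format, then verify containment
  # of the fully expanded path as a second, independent check.
  def path_for(key)
    raise InvalidKey, "malformed key #{key.inspect}" unless key.to_s.match?(KEY_FORMAT)
    candidate = File.expand_path(File.join(@root, key))
    raise InvalidKey, "key escapes storage root" unless inside_root?(candidate)
    candidate
  end

  def valid_key?(key)
    path_for(key)
    true
  rescue InvalidKey
    false
  end
end
```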
CVSS Information
N/A
Vulnerability Type
N/A