Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sharp has Unrestricted File Upload via Client-Controlled Validation Rules
Vulnerability Description
Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the `ApiFormUploadController` accepts a client-controlled `validation_rule` parameter. This parameter is directly passed into the Laravel validator without sufficient server-side enforcement. By intercepting the request and sending `validation_rule[]=file`, an attacker can completely bypass all MIME type and file extension restrictions. This issue has been addressed in version 9.20.0 by removing the client-controlled validation rules and strictly defining upload rules server-side. As a workaround, ensure that the storage disk used for Sharp uploads is strictly private. Under default configurations, an attacker cannot directly execute uploaded PHP files unless a public disk configuration is explicitly used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
sharp 代码问题漏洞
Vulnerability Description
sharp是lovell个人开发者的一款用于将常见格式的大图像转换为更小的、对 Web 友好的 JPEG、PNG、WebP、GIF 和不同尺寸的 AVIF 图像。 Sharp 9.20.0之前版本存在代码问题漏洞,该漏洞源于文件上传端点存在客户端控制的validation_rule参数,可能导致绕过所有文件类型限制。
CVSS Information
N/A
Vulnerability Type
N/A