Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal in coursevault-preview due to improper base-directory boundary validation
Vulnerability Description
coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWith(baseDir) on a normalized path, which does not enforce a directory boundary. An attacker who controls the relativePath argument to affected CoursevaultPreview methods may be able to read files outside the configured baseDir when a sibling directory exists whose name shares the same string prefix. This vulnerability is fixed in 0.1.1.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
coursevault-preview 路径遍历漏洞
Vulnerability Description
coursevault-preview是Moritz André Myrseth个人开发者的一个课程材料预览工具。 coursevault-preview 0.1.1之前版本存在路径遍历漏洞,该漏洞源于resolveSafe实用程序中的边界检查使用String.prototype.startsWith,未强制执行目录边界,可能导致控制relativePath参数的攻击者读取配置基础目录之外的文件。
CVSS Information
N/A
Vulnerability Type
N/A