Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint
Vulnerability Description
Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the requested storage object is not bound to the authorized entity instance, an authenticated Sharp user who can view one valid record may use that record as an authorization anchor to download unrelated disk-relative objects from configured Laravel Storage disks. The confirmed impact is authenticated disclosure of unrelated objects from configured Laravel Storage disks. This issue does not imply arbitrary host filesystem access outside configured Laravel Storage disk roots. This issue has been patched in version 9.22.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
sharp 安全漏洞
Vulnerability Description
sharp是lovell个人开发者的一款用于将常见格式的大图像转换为更小的、对 Web 友好的 JPEG、PNG、WebP、GIF 和不同尺寸的 AVIF 图像。 sharp 9.22.0之前版本存在安全漏洞,该漏洞源于通用下载端点未将存储对象绑定到授权实体实例,可能导致认证用户使用有效记录作为授权锚点下载无关磁盘对象。
CVSS Information
N/A
Vulnerability Type
N/A