You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This library can be built into application(e.g. admin portal of some webapp, that is the case I encountered).
While reading log files is a feature of app for troubleshooting purposes, it should not allow to read files from arbitrary directories.
Request log file path should be normalized and checked if it is still inside of allow directory(or list of directories).
This library can be built into application(e.g. admin portal of some webapp, that is the case I encountered).
While reading log files is a feature of app for troubleshooting purposes, it should not allow to read files from arbitrary directories.
Request log file path should be normalized and checked if it is still inside of allow directory(or list of directories).
Otherwise it can lead to security issue CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The text was updated successfully, but these errors were encountered: