Skip to content

Resolve directory traversal vulnerability in static file middleware #831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 11, 2020
Merged

Resolve directory traversal vulnerability in static file middleware #831

merged 1 commit into from
Mar 11, 2020

Conversation

@mikeminutillo
Copy link
Member

@mikeminutillo mikeminutillo commented Mar 11, 2020
edited
Loading

Please see the associated Security Advisory for more information.

@mikeminutillo mikeminutillo requested a review from janovesk March 11, 2020 08:41
@mikeminutillo mikeminutillo merged commit 2d358f9 into master Mar 11, 2020
@mikeminutillo mikeminutillo added this to the 1.24.2 milestone Mar 11, 2020
@mikeminutillo mikeminutillo added the Type: Bug Type: Bug label Mar 11, 2020
@mikeminutillo mikeminutillo mentioned this pull request Mar 11, 2020
Merged
@mikeminutillo mikeminutillo deleted the dir-traversal-fix branch March 11, 2020 09:03
WojcikMike
WojcikMike reviewed Mar 11, 2020
View reviewed changes
src/ServicePulse.Host.Tests/Owin/StaticMiddlewareTests.cs
middleware.Invoke(context);
Assert.AreEqual(("application/octet-stream"), context.Response.ContentType);
}
//[Test]
Copy link
Contributor

@WojcikMike WojcikMike Mar 11, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mikeminutillo @janovesk is there any reason that this test was not removed?

Copy link
Member Author

@mikeminutillo mikeminutillo Mar 18, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The intention was to put something back in it's place after the security advisory was published. Maybe an approval test of all extensions in the assembly along with the mime-type or something.

WilliamBZA pushed a commit that referenced this pull request Feb 17, 2023
@mikeminutillo
Merge pull request #831 from Particular/dir-traversal-fix
f49a69d 
Resolve directory traversal vulnerability in static file middleware
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@WojcikMike WojcikMike WojcikMike left review comments

@janovesk janovesk janovesk approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mikeminutillo mikeminutillo

@janovesk janovesk

@boblangley boblangley

Labels

Type: Bug Type: Bug

Projects

None yet

Milestone

1.24.3

Development

Successfully merging this pull request may close these issues.

5 participants

@mikeminutillo @janovesk @WojcikMike @boblangley