Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A directory traversal vulnerability exists in RocketMQ's automatic topic creation #1637

Closed
coffeehb opened this issue Dec 4, 2019 · 7 comments
Closed

A directory traversal vulnerability exists in RocketMQ's automatic topic creation #1637

coffeehb opened this issue Dec 4, 2019 · 7 comments

Comments

@coffeehb
Copy link

coffeehb commented Dec 4, 2019
edited by vongosling
Loading

Some topics need checking filtering logic

Test environmental conditions:

  • RocketMQ4.6.0 The latest version
  • autoCreateTopicEnable=true default setting

my computer:

  • Windows7 pro x64
  • JDK1.8.0_181 x6
@coffeehb coffeehb changed the title RocketMQ自动创建topic时存在目录穿越漏洞 A directory traversal vulnerability exists in RocketMQ's automatic topic creation Dec 4, 2019
@feng3
Copy link

feng3 commented Dec 5, 2019

666

@duhenglucky
Copy link
Contributor

@coffeehb it would be better to add some filtering logic on the topic name when creating a topic.

@coffeehb
Copy link
Author

coffeehb commented Dec 6, 2019
edited
Loading

@coffeehb it would be better to add some filtering logic on the topic name when creating a topic.
@duhenglucky
Yes, without filtering logic, an attacker can fill up any arbitrary directory on the system. Please note that this issue may exist other versions of the rocketmq, not only 4.6.0 or Windows systems.

@duhenglucky
Copy link
Contributor

@coffeehb it would be better to add some filtering logic on the topic name when creating a topic.
@duhenglucky
Yes, without filtering logic, an attacker can fill up any arbitrary directory on the system. Please note that this issue may exist other versions of the rocketmq, not only 4.6.0 or Windows systems.

thanks for your reminder, and could you submit a PR to fix it?

@coffeehb
Copy link
Author

coffeehb commented Dec 6, 2019
edited by vongosling
Loading

@coffeehb it would be better to add some filtering logic on the topic name when creating a topic.
@duhenglucky
Yes, without filtering logic, an attacker can fill up any arbitrary directory on the system. Please note that this issue may exist other versions of the rocketmq, not only 4.6.0 or Windows systems.

thanks for your reminder, and could you submit a PR to fix it?

@duhenglucky

...

@coffeehb
Copy link
Author

coffeehb commented Dec 9, 2019

Hello, is there a repair plan for this vulnerability? A large number of rocketmq users are affected by this security bug. @duhenglucky

@vongosling
Copy link
Member

vongosling commented Dec 9, 2019
edited
Loading

@coffeehb Thanks for your report, especially for your request for a CVE ID. According to some relevant regulations, I must close it workaround. For the further process of the problem, please refer to the latest commits history. Thanks again for your submission:-)

duhenglucky added a commit that referenced this issue Dec 12, 2019
@duhenglucky
[ISSUE #1637]Fix 1637 (#1644)
f8f6fbe 
* fix(broker): add the check logic of the server to the topic

* chore(test):add unit test

* chore(validator):polish the code

* chore(test):add ASF license header
duhenglucky added a commit that referenced this issue Dec 13, 2019
@duhenglucky
Revert "[ISSUE #1637]Fix 1637 (#1644)"
42fcc17 
This reverts commit f8f6fbe.
RongtongJin pushed a commit that referenced this issue Jan 20, 2020
@duhenglucky @RongtongJin
[ISSUE #1637]Fix 1637 (#1644)
e6f37af 
* fix(broker): add the check logic of the server to the topic

* chore(test):add unit test

* chore(validator):polish the code

* chore(test):add ASF license header
JiaMingLiu93 pushed a commit to JiaMingLiu93/rocketmq that referenced this issue May 28, 2020
@duhenglucky
[ISSUE apache#1637]Fix 1637 (apache#1644)
1f54b2d 
* fix(broker): add the check logic of the server to the topic

* chore(test):add unit test

* chore(validator):polish the code

* chore(test):add ASF license header
GenerousMan pushed a commit to GenerousMan/rocketmq that referenced this issue Aug 12, 2022
@duhenglucky
[ISSUE apache#1637]Fix 1637 (apache#1644)
b45b5a8 
* fix(broker): add the check logic of the server to the topic

* chore(test):add unit test

* chore(validator):polish the code

* chore(test):add ASF license header
pulllock pushed a commit to pulllock/rocketmq that referenced this issue Oct 19, 2023
@duhenglucky
[ISSUE apache#1637]Fix 1637 (apache#1644)
df22b02 
* fix(broker): add the check logic of the server to the topic

* chore(test):add unit test

* chore(validator):polish the code

* chore(test):add ASF license header
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@vongosling @coffeehb @duhenglucky @feng3