[SECURITY] No Context Checking #981
About audited Directus version.
The file upload mechanism allows getting a direct link to the uploaded file without any authentication. In addition, the upload mechanism does not enforce any restriction on file extensions or any MIME type check. This vulnerability allows an attacker to use it to distribute malicious / spyware / malware files etc.
After exploiting this vulnerability, an attacker can upload a malicious file to the server.
The upload mechanism allows a malicious user to upload any file into the system.
The following link is the URL to the uploaded eicar malicious testing file.
A malicious user can use this functionality in order to upload a malicious file and send it via a legitimate link to other victims, attacking them by exploiting their trust in the system.
It was also found that the file size limit permits users to upload large files (maximum 50MB) even in cases where the uploaded file does not need to be large, for example an image for the user's avatar.
What problem does this feature solve?
Fixes a security hole.
How do you think this should be implemented?
Would you be willing to work on this?
Maybe, with help/guidance from Directus team.
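One way to close the two gaps the report describes (no extension/MIME check, one global size limit regardless of what the file is for) is server-side validation that checks the file's actual bytes against an allowlist and applies a per-context size cap. This is an added example, not Directus code; the contexts, allowlists and the 2 MB avatar limit are assumed values, only the 50MB figure comes from the report.

```javascript
// Added example (not Directus code): upload validation that trusts file content,
// not the client-supplied name, and sizes the limit to the upload context.

// Magic-byte signatures for the types we are willing to store.
const SIGNATURES = {
  png: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
  jpg: [0xff, 0xd8, 0xff],
  gif: [0x47, 0x49, 0x46, 0x38],
  pdf: [0x25, 0x50, 0x44, 0x46],
};

// Upload contexts (assumed values): an avatar needs far less than a generic document.
const CONTEXTS = {
  avatar:   { maxBytes: 2 * 1024 * 1024,  allow: ['png', 'jpg'] },               // assumed 2 MB
  document: { maxBytes: 50 * 1024 * 1024, allow: ['png', 'jpg', 'gif', 'pdf'] }, // report's 50 MB
};

function extensionOf(filename) {
  const m = /\.([a-z0-9]+)$/i.exec(filename);
  return m ? m[1].toLowerCase().replace('jpeg', 'jpg') : '';
}

function startsWith(bytes, sig) {
  return bytes.length >= sig.length && sig.every((b, i) => bytes[i] === b);
}

// Returns { ok: true } or { ok: false, reason } for an upload in a given context.
function validateUpload({ filename, bytes, context }) {
  const policy = CONTEXTS[context];
  if (!policy) return { ok: false, reason: 'unknown upload context' };
  if (bytes.length === 0) return { ok: false, reason: 'empty file' };
  if (bytes.length > policy.maxBytes) return { ok: false, reason: 'file too large for context' };
  const ext = extensionOf(filename);
  if (!policy.allow.includes(ext)) return { ok: false, reason: `extension .${ext || '?'} not allowed` };
  // The bytes must match the type the name claims; a renamed file is rejected here.
  if (!startsWith(bytes, SIGNATURES[ext])) return { ok: false, reason: 'content does not match extension' };
  return { ok: true };
}

// Constructed sample inputs: a minimal PNG header, and plain text renamed to look like a PNG.
const pngBytes = Uint8Array.from([...SIGNATURES.png, 0x00, 0x00, 0x00, 0x0d]);
const fakePngBytes = new TextEncoder().encode('hello, not an image');

console.log(validateUpload({ filename: 'me.png', bytes: pngBytes, context: 'avatar' }));
console.log(validateUpload({ filename: 'me.png', bytes: fakePngBytes, context: 'avatar' }));
```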