Security Vulnerability - possible to read arbitrary files via socket #159

Open
e2 opened this Issue Feb 4, 2016 · 1 comment


@e2
Contributor
e2 commented Feb 4, 2016

Patched gem version: v2.5.2
PR with patch: #158
Affected versions: v2.5.1 and below
Credits: @mikeycgto

Use cases affected:

  • multiuser servers running livereload
  • websocket address listening on non-local address
  • websocket port forwarded to untrusted/multiuser remote machines
  • ?

Basically, anyone who can connect to the port can read files available to the user running the livereload server.

Stuff left to do:

  • Prevent files other than ./livereload.js from being loaded via socket
  • Release 2.5.2 with file serving disabled (other than ./livereload.js)
  • Add info to Readme
  • Add websocket spec (none yet) (#160)
  • Refactor websocket for filesystem related specs (#160)
  • CVE - none yet
  • Decide which files should be allowed (if any)

mrzasa added a commit to mrzasa/guard-livereload that referenced this issue Feb 9, 2016: "Update gem version in readme to reflect #159" (ee5e752)

jibiel added the Security label Sep 19, 2016
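The to-do item "prevent files other than ./livereload.js from being loaded via socket" can be met with an allowlist lookup, sketched here as an added example that is not part of the original issue and is not the gem's own code. The constant, the method names and the on-disk location `js/livereload.js` are assumptions, and the request lines in the comments are constructed.

```ruby
# Assumption: the bundled client script is the only file the socket server
# ever needs to hand out. Names and the path below are hypothetical.
ALLOWED_FILES = {
  '/livereload.js' => File.expand_path('js/livereload.js', __dir__)
}.freeze

# Map a request target to a fixed on-disk path, or nil if it is not allowed.
# The target is used only as a hash key and is never joined into a filesystem
# path, so "../" sequences and absolute paths have nothing to act on.
def resolve_served_file(request_target)
  return nil unless request_target.is_a?(String)

  # Drop the query string, e.g. "/livereload.js?snipver=1" (constructed).
  path = request_target.split('?', 2).first.to_s

  # Exact match only: no percent-decoding and no normalisation, so encoded
  # or padded variants simply miss the allowlist.
  ALLOWED_FILES[path]
end

# Decide the response for the first line of a plain HTTP request arriving
# on the websocket port. Returns [status, file_path_or_nil].
def respond_to_http_request(request_line)
  method, target, _version = request_line.to_s.split(' ', 3)
  return [405, nil] unless method == 'GET'

  file = resolve_served_file(target)
  file ? [200, file] : [404, nil]
end

# Constructed request lines:
#   "GET /livereload.js?snipver=1 HTTP/1.1"  -> [200, ".../js/livereload.js"]
#   "GET /../Gemfile HTTP/1.1"               -> [404, nil]
```

Adding another served file means adding one more key to `ALLOWED_FILES`, which keeps the "decide which files should be allowed" question a reviewable one-line change.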