An Arbitrary File reading vulnerability in the backend(bypass the Path check) #420
Closed
5 tasks done
Labels
kind/bug
Categorizes issue or PR as related to a bug.
I am sure I have checked
I want to apply
In an interface that reads files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.


So I can read any file using the following message
The text was updated successfully, but these errors were encountered: