| Field | Value |
|---|---|
| Title | fastapiadmin <= 2.2.0 Path Traversal: '/absolute/pathname/here' |
| Description | An unrestricted file download vulnerability in FastapiAdmin (≤ 2.2.0) exists at /api/v1/common/file/download (files: /backend/app/api/v1/module_common/file/controller.py, /backend/app/api/v1/module_common/file/service.py, /backend/app/utils/upload_util.py). The download endpoint accepts an arbitrary file_path parameter, performs no path sanitization or canonicalization, and uses Path(file_path) directly to open and stream files. As a result, any user granted the module_common:file:download permission can supply absolute paths or traversal payloads to read sensitive server files (for example /etc/passwd or private keys), enabling information disclosure and further attacks. Mitigations include enforcing strict path validation and canonicalization, restricting downloads to a safe upload directory or mapping logical IDs to files, disallowing absolute paths and traversal sequences, validating permissions per file, and serving files via a controlled safe API or signed, short-lived download tokens. |
| Source | https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-2 |
| User | Anonymous User |
| Submission | 11/02/2026 06:33 AM (3 months ago) |
| Moderation | 22/02/2026 04:09 PM (11 days later) |
| Status | Accepted |
| VulDB Entry | 347360 [FastApiAdmin up to 2.2.0 Download Endpoint controller.py download_controller file_path Information Disclosure] |
| Points | 20 |
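The canonicalize-and-contain check that the mitigation list calls for, as an added example that is not FastapiAdmin's own code: `safe_download_path`, `upload_dir` and `demo` are hypothetical names, and the sample files are constructed in a temporary directory so it runs offline.

```python
import tempfile
from pathlib import Path


class UnsafePath(ValueError):
    """Requested download path is outside the upload directory."""


def safe_download_path(upload_dir: Path, file_path: str) -> Path:
    """Map an untrusted file_path onto a file inside upload_dir, or refuse."""
    requested = Path(file_path)
    if requested.is_absolute():
        raise UnsafePath("absolute paths are not allowed")
    base = upload_dir.resolve()
    # resolve() collapses '..' segments and follows symlinks, so the
    # containment check below sees the real target, not the spelling.
    candidate = (base / requested).resolve()
    if candidate != base and base not in candidate.parents:
        # Checked before existence so the error does not reveal whether
        # a file outside the directory exists.
        raise UnsafePath("path escapes the upload directory")
    if not candidate.is_file():
        raise UnsafePath("not a regular file")
    return candidate


def demo() -> dict:
    """Exercise the check on a constructed upload directory (sample data)."""
    with tempfile.TemporaryDirectory() as tmp:
        upload_dir = Path(tmp) / "uploads"
        upload_dir.mkdir()
        (upload_dir / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
        secret = Path(tmp) / "secret.key"          # sits outside uploads/
        secret.write_text("constructed secret")
        (upload_dir / "link").symlink_to(secret)   # symlink pointing outside
        results = {"legit": safe_download_path(upload_dir, "report.pdf").name}
        for label, payload in (("traversal", "../secret.key"),
                               ("absolute", str(secret)),
                               ("symlink", "link")):
            try:
                safe_download_path(upload_dir, payload)
                results[label] = "served"
            except UnsafePath:
                results[label] = "refused"
        # What the unsanitized Path(file_path) pattern does with the same input:
        unchecked = (upload_dir / Path("../secret.key")).resolve()
        results["unchecked_escapes"] = unchecked == secret.resolve()
        return results
```

Mapping logical IDs to files, as the record also suggests, removes the filesystem path from the request entirely and is the stronger design when the application can afford it.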