| 제목 | Upsonic <=v0.55.6 Path Traversal: '..\filedir' |
|---|
| 설명 | Attackers can exploit a directory traversal vulnerability by manipulating the filename parameter in the file upload function to create arbitrary files on the target host. The vulnerability originates from line 39 in markdown/server.py, where the code file_path = os.path.join(temp_dir, file.filename) does not sanitize the file.filename.
|
|---|
| 원천 | ⚠️ https://github.com/Upsonic/Upsonic/issues/356 |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2025. 06. 09. AM 10:42 (10 개월 ago) |
|---|
| 모더레이션 | 2025. 06. 19. AM 08:53 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 313282 [Upsonic 까지 0.55.6 markdown/server.py os.path.join file.filename 디렉토리 순회] |
|---|
| 포인트들 | 19 |
|---|