| Field | Value |
|---|---|
| Title | fastapiadmin <= 2.2.0 Path Traversal: '/absolute/pathname/here' |
| Description | An unrestricted file download vulnerability exists in FastapiAdmin (≤ 2.2.0) at /api/v1/common/file/download (files: /backend/app/api/v1/module_common/file/controller.py, /backend/app/api/v1/module_common/file/service.py, /backend/app/utils/upload_util.py). The download endpoint accepts an arbitrary file_path parameter, performs no sanitization or canonicalization, and passes it straight to Path(file_path) to open and stream the file. As a result, any user holding the module_common:file:download permission can supply an absolute path or a traversal payload and read sensitive server files (for example /etc/passwd or private keys), which is an information disclosure that can be leveraged for further attacks. Mitigations: validate and canonicalize the requested path and reject absolute paths and traversal sequences; restrict downloads to a dedicated upload directory, or map logical file IDs to files so the client never supplies a path at all; enforce per-file authorization; and serve files through a controlled API or with signed, short-lived download tokens. |
| Source | https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-2 |
| User | Anonymous User |
| Submitted | 2026-02-11 06:33 AM (3 months ago) |
| Moderation | 2026-02-22 04:09 PM (11 days later) |
| Status | Accepted |
| VulDB Entry | 347360 [FastApiAdmin up to 2.2.0 Download Endpoint controller.py download_controller file_path information disclosure] |
| Points | 20 |
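The following is an added example, not code from FastapiAdmin or from the submitter, showing the unsafe `Path(file_path)` lookup the description refers to beside a hardened lookup that applies the listed mitigations (reject absolute paths and traversal, canonicalize with `resolve()`, confine to an upload root, and optionally map logical IDs to files). Function names, the `FileRegistry` class, the temporary upload root and the sample files are assumptions built for the demonstration; it runs offline in a temp directory rather than against `/etc/passwd`.

```python
"""Added example (not FastapiAdmin's code): unsafe vs. hardened file lookup."""
from __future__ import annotations

import os
import tempfile
from pathlib import Path


def unsafe_download_path(file_path: str) -> Path:
    # The pattern the advisory describes: the request parameter becomes a
    # Path with no validation, so an absolute path or '../' reaches the OS.
    return Path(file_path)


def safe_download_path(upload_root: Path, file_path: str) -> Path:
    # Hardened lookup (assumed design, not the project's own fix).
    candidate = Path(file_path)
    if candidate.is_absolute():
        raise PermissionError("absolute paths are not allowed")
    if ".." in candidate.parts:
        raise PermissionError("parent-directory references are not allowed")
    root = upload_root.resolve()
    resolved = (root / candidate).resolve()
    # Containment is checked on the canonical path, so a symlink inside the
    # upload root that points outside it is refused as well as a literal '..'.
    if resolved == root or not resolved.is_relative_to(root):
        raise PermissionError("path escapes the upload directory")
    if not resolved.is_file():
        raise FileNotFoundError(file_path)
    return resolved


class FileRegistry:
    """Logical-ID mapping (assumed): the client sends an opaque id, never a path."""

    def __init__(self, upload_root: Path) -> None:
        self.upload_root = upload_root
        self._files: dict[str, str] = {}

    def register(self, file_id: str, relative_name: str) -> None:
        # Validate at registration time so a bad name never enters the map.
        safe_download_path(self.upload_root, relative_name)
        self._files[file_id] = relative_name

    def path_for(self, file_id: str) -> Path:
        if file_id not in self._files:
            raise FileNotFoundError(file_id)
        return safe_download_path(self.upload_root, self._files[file_id])


def _raises(exc_type, func, *args) -> bool:
    try:
        func(*args)
    except exc_type:
        return True
    return False


def build_fixture() -> tuple[Path, Path]:
    # Constructed layout: an upload root with one legitimate file and a
    # "private key" that lives one level above it.
    base = Path(tempfile.mkdtemp(prefix="fastapiadmin-demo-"))
    upload_root = base / "upload"
    upload_root.mkdir()
    (upload_root / "report.txt").write_text("quarterly report\n")
    secret = base / "server.key"
    secret.write_text("-----BEGIN PRIVATE KEY-----\nconstructed\n")
    try:
        os.symlink(secret, upload_root / "link.txt")  # symlink escaping the root
    except OSError:
        pass  # no symlink support on this platform; that check is skipped
    return upload_root, secret


def run_checks() -> dict[str, object]:
    upload_root, secret = build_fixture()
    r: dict[str, object] = {}
    # Unsafe handler: absolute path and traversal both read the key.
    r["unsafe_absolute_leaks"] = unsafe_download_path(str(secret)).read_text().startswith("-----BEGIN")
    traversal = str(upload_root / ".." / "server.key")
    r["unsafe_traversal_leaks"] = unsafe_download_path(traversal).read_text().startswith("-----BEGIN")
    # Hardened handler: same payloads refused, legitimate name still served.
    r["safe_serves_legit"] = safe_download_path(upload_root, "report.txt").read_text() == "quarterly report\n"
    r["safe_blocks_absolute"] = _raises(PermissionError, safe_download_path, upload_root, str(secret))
    r["safe_blocks_traversal"] = _raises(PermissionError, safe_download_path, upload_root, "../server.key")
    link = upload_root / "link.txt"
    r["safe_blocks_symlink"] = _raises(PermissionError, safe_download_path, upload_root, "link.txt") if link.is_symlink() else None
    # ID mapping: the client only ever sends an id.
    registry = FileRegistry(upload_root)
    registry.register("f-1", "report.txt")
    r["registry_serves_legit"] = registry.path_for("f-1").name == "report.txt"
    r["registry_unknown_id"] = _raises(FileNotFoundError, registry.path_for, "f-2")
    r["registry_rejects_bad_name"] = _raises(PermissionError, registry.register, "f-9", "../server.key")
    return r


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(f"{name}: {outcome}")
```

The `".."` check is redundant with the containment check for a literal `../` payload, but the containment check on the resolved path is what also catches symlinks and other encodings the literal check misses; keeping both is cheap defense in depth. Note that the precondition in the advisory is the `module_common:file:download` permission, so the hardened lookup still needs the per-file authorization decision layered on top of it.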