| Title | p2r3 Convert 1.0.0 Path Traversal |
|---|
| Description |
A path traversal vulnerability (CWE-22) has been identified in p2r3/convert version 1.0.0, in the 'buildCache.js' script, which implements a static file server on top of the 'Bun.serve' API.
The flaw lies in the fetch handler of the Bun.serve instance: the 'pathname' is taken from the request URL, the "/convert/" prefix is removed with a plain string replacement, and the resulting unsanitized string is concatenated directly into a filesystem path, 'Bun.file(`${__dirname}/dist/${path}`)'. Nothing canonicalizes the path or checks that the result still lies under the intended web root.
By requesting a URL containing directory traversal sequences (e.g. '/convert/../../package.json'), a remote attacker can escape the intended web root ('/dist') and read any file on the server's filesystem that the process has permission to access. This results in unauthorized disclosure of sensitive project configuration or source code.
CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)
Impact: High (Information Disclosure)
Exploitability: Remote / Network |
|---|
| Source | ⚠️ https://github.com/Dave-gilmore-aus/security-advisories/blob/main/convert-advisory |
|---|
| User | davidgilmore (UID 96940) |
|---|
| Submitted | 2026-03-31 07:41 AM (21 days ago) |
|---|
| Moderation | 2026-04-19 09:23 PM (20 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 358270 [p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b API buildCache.js Bun.serve pathname directory traversal] |
|---|
| Points | 20 |
|---|