| Title | gyoridavid short-video-maker 1.3.4 Path Traversal |
|---|---|
| Description | A path traversal vulnerability was identified in gyoridavid/short-video-maker version 1.3.4. The REST API routes /api/tmp/:tmpFile and /api/music/:fileName in src/server/routers/rest.ts use path.join to concatenate user-supplied route parameters with base directories without validating that the resulting path remains within the intended directory. This allows a remote attacker to read arbitrary files on the server host by using traversal sequences (e.g., ../). |
| Source | ⚠️ https://github.com/gyoridavid/short-video-maker/issues/73 |
| User | ccccccctfi (UID 97498) |
| Submission | 2026-04-20 05:36 PM (2 months ago) |
| Moderation | 2026-05-07 06:39 PM (17 days later) |
| Status | Accepted |
| VulDB entry | 361903 [gyoridavid short-video-maker up to 1.3.4 REST API rest.ts req.params.tmpFile path traversal] |
| Points | 20 |
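
The containment check that the description says is missing, shown beside the unchecked path.join pattern. This is an added example, not code from short-video-maker or from the report; the base directory `/srv/app/tmp`, the function names and the sample parameters are assumptions constructed for illustration.

```javascript
// Added example: containment check for a file-serving route (not the project's code).
const path = require('node:path').posix; // POSIX semantics so results are deterministic

// Hypothetical base directory; the project's real directories are not shown on the page.
const TMP_DIR = '/srv/app/tmp';

// Pattern described in the report: join the route parameter onto the base directory.
// path.join normalizes ".." segments, so the result can leave baseDir.
function joinUnchecked(baseDir, param) {
  return path.join(baseDir, param);
}

// Hardened form: resolve first, then require the result to stay under baseDir.
// Returns the resolved path, or null when the request must be rejected.
function resolveInside(baseDir, param) {
  if (typeof param !== 'string' || param.length === 0 || param.includes('\0')) {
    return null;
  }
  const base = path.resolve(baseDir);
  const target = path.resolve(base, param);
  // Compare against base + separator so a sibling such as "/srv/app/tmp-old"
  // does not pass a plain prefix test against "/srv/app/tmp".
  if (!target.startsWith(base + path.sep)) {
    return null;
  }
  return target;
}

// Constructed sample parameters, as a handler would receive them in req.params.
const samples = ['clip.mp4', 'a/../clip.mp4', '../../../etc/passwd', '../tmp-old/clip.mp4'];

// One row per sample: what the unchecked join yields and what the check allows.
function report() {
  return samples.map((param) => ({
    param,
    unchecked: joinUnchecked(TMP_DIR, param),
    checked: resolveInside(TMP_DIR, param),
  }));
}

console.table(report());
```

A handler would return 400 or 404 when `resolveInside` yields null and pass only the returned path to the file read. The check is lexical, so a symlink inside the base directory still needs a realpath comparison.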