| 标题 | lsFusion 6.1 Unauthorized Arbitrary File Read |
|---|
| 描述 | The API /file/static/noauth/** is used to download logos and icons without authentication. The handleRequest method in DownloadFileRequestHandler supports a version parameter. While the /** path component is validated, if an attacker directly accesses /file/static/noauth (without a trailing path), the filename is derived solely from the unvalidated version parameter. The generated fileName is then directly appended to FileUtils.APP_DOWNLOAD_FOLDER_PATH, leading to arbitrary file read vulnerabilities. |
|---|
| 来源 | ⚠️ https://github.com/lsfusion/platform/issues/1543 |
|---|
| 用户 | R1ckyZ (UID 92331) |
|---|
| 提交 | 2025-11-05 07時53分 (6 月前) |
|---|
| 管理 | 2025-11-16 12時00分 (11 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 332596 [lsfusion platform 直到 6.1 DownloadFileRequestHandler.java DownloadFileRequestHandler 版本 目录遍历] |
|---|
| 积分 | 20 |
|---|