mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-01 01:36:00 -04:00
7224fbcc89
- Files within the storage/ path could be accessed via path traversal references in content, accessed upon HTML export. - This addresses this via two layers: - Scoped local flysystem filesystems down to the specific image & file folders since flysystem has built-in checking against the escaping of the root folder. - Added path normalization before enforcement of uploads/{images,file} prefix to prevent traversal at a path level. Thanks to @Haxatron via huntr.dev for discovery and reporting. Ref: https://huntr.dev/bounties/ac268a17-72b5-446f-a09a-9945ef58607a/ |
||
---|---|---|
.. | ||
Attachment.php | ||
AttachmentService.php | ||
HttpFetcher.php | ||
Image.php | ||
ImageRepo.php | ||
ImageService.php | ||
UserAvatars.php |