Node.js third-party modules: [zenn-cli] Path traversal on Windows allows the attacker to read arbitrary .md files
News category: Vulnerabilities
Source: vulners.com
Summary

I would like to report path traversal in zenn-cli. It allows the attacker to read arbitrary .md files.

Module

module name: zenn-cli
version: 0.1.39
npm page: https://www.npmjs.com/package/zenn-cli

Module Description

Manage Zenn content locally

Module Stats

885 weekly downloads

Vulnerability

Vulnerability Description

Due to improper sanitization in this line, it's possible to bypass sanitization via \ on Windows, which allows the attacker to read arbitrary .md files from the victim's machine.

Steps To Reproduce:

1. Create test directory: mkdir zenn-test && cd zenn-test
2. Initialize npm project: npm init --yes
3. Install zenn-cli: npm install zenn-cli
4. Initialize zenn-cli: npx zenn init
5. Create an article: npx zenn new:article
6. Start preview server: npx zenn preview
7. Open http://localhost:8000 in your browser.
8. Click an article that you created in step 5.
9. Find the URL in the following format from the Network tab of DevTools: http://localhost:8000/_next/data/[Random String]/articles/[Slug of an article].json
10. Modify the URL you found above to the following and send request: http://localhost:8000/_next/data/[Copy the random string from step 9]/articles/%5c..%5cREADME.json

You'll receive the content of the README.md that is outside of the articles directory.

Patch

`` diff --git a/packages/zenn-cli/utils/api/articles.ts b/packages/zenn-cli/utils/api/articles.ts index 294e7f3..06bfc7f 100644 --- a/packages/zenn-cli/utils/api/articles.ts +++ b/packages/zenn-cli/utils/api/articles.ts @@... ...
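The backslash bypass from the vulnerability description, next to a hardened slug resolver, as an added example that is not zenn-cli's code or the patch from this report. The weak filter `naiveResolve`, the slug grammar `SLUG_RE`, and the sample directory `C:\zenn-test\articles` are assumptions made for illustration; `path.win32` is used so the Windows behaviour reproduces on any OS.

```javascript
// Added example, not zenn-cli source. path.win32 applies Windows path
// semantics on any OS, so this runs the same on Linux or macOS.
const path = require('node:path');

const ARTICLES_DIR = 'C:\\zenn-test\\articles'; // constructed sample location

// Hypothetical weak filter: only "/" is treated as a path separator.
function naiveResolve(slug) {
  const cleaned = slug.replace(/\//g, '');
  return path.win32.join(ARTICLES_DIR, `${cleaned}.md`);
}

// Containment check on the final path, independent of any input filter.
function isInside(baseDir, candidate) {
  const rel = path.win32.relative(baseDir, candidate);
  // An absolute result means the candidate is on another drive or UNC share.
  if (rel === '' || path.win32.isAbsolute(rel)) return false;
  return rel !== '..' && !rel.startsWith('..\\');
}

// Assumed slug grammar for this example: allowlist instead of stripping.
const SLUG_RE = /^[a-z0-9_-]{1,50}$/;

// Hardened resolver: reject anything outside the grammar, then confirm
// the resolved path still sits under the articles directory.
function safeResolve(slug) {
  if (typeof slug !== 'string' || !SLUG_RE.test(slug)) return null;
  const full = path.win32.resolve(ARTICLES_DIR, `${slug}.md`);
  return isInside(ARTICLES_DIR, full) ? full : null;
}

// The slug from step 10 as the server sees it after URL decoding.
const decoded = decodeURIComponent('%5c..%5cREADME');

console.log('naive :', naiveResolve(decoded));          // leaves articles\
console.log('inside:', isInside(ARTICLES_DIR, naiveResolve(decoded)));
console.log('safe  :', safeResolve(decoded));           // rejected
console.log('safe  :', safeResolve('my-first-article')); // accepted
```

The containment check is worth keeping even with the allowlist in place, since it still holds if the slug grammar is later loosened.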