xinyin025/ChatGPT-Next-Web
1
0
Fork 0
mirror of https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web.git synced 2025-11-16 05:53:42 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

fix: critical path traversal vulnerability in WebDAV proxy endpoint

Browse Source 
- Sanitize path components to prevent directory traversal attacks
- Filter out '.', '..', and empty path components
- URL encode path components to prevent injection attacks
- Prevents potential SSRF attacks via path manipulation

This vulnerability could allow attackers to:
- Access unintended resources outside the WebDAV scope
- Potentially reach internal services or metadata endpoints
- Bypass access controls through path manipulation

Security impact: HIGH - Path traversal is a critical security issue
This commit is contained in:
MirzaSamadAhmedBaig
2025-07-30 00:34:35 +05:00
parent 557a2cce35
commit d09801bcab
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/api/webdav/[...path]/route.ts
View File

@@ -62,7 +62,12 @@ async function handle(
endpoint += "/"; endpoint += "/";
} }
const endpointPath = params.path.join("/"); // Sanitize path components to prevent path traversal attacks
const sanitizedPathComponents = params.path
.filter(component => component && component !== '.' && component !== '..')
.map(component => encodeURIComponent(component));
const endpointPath = sanitizedPathComponents.join("/");
const targetPath = `${endpoint}${endpointPath}`; const targetPath = `${endpoint}${endpointPath}`;
// only allow MKCOL, GET, PUT // only allow MKCOL, GET, PUT