xinyin025/ChatGPT-Next-Web
1
0
Fork 0
mirror of https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web.git synced 2025-09-17 16:56:37 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
c2163b1609
ChatGPT-Next-Web/app/api
History
MirzaSamadAhmedBaig d09801bcab fix: critical path traversal vulnerability in WebDAV proxy endpoint 
- Sanitize path components to prevent directory traversal attacks
- Filter out '.', '..', and empty path components
- URL encode path components to prevent injection attacks
- Prevents potential SSRF attacks via path manipulation

This vulnerability could allow attackers to:
- Access unintended resources outside the WebDAV scope
- Potentially reach internal services or metadata endpoints
- Bypass access controls through path manipulation

Security impact: HIGH - Path traversal is a critical security issue
2025-07-30 00:34:35 +05:00
..
[provider]/[...path] feat: add 302.AI provider 2025-06-25 18:10:02 +08:00
artifacts chore: artifact => artifacts 2024-07-26 15:50:26 +08:00
config 修复 VISION_MDOELS 在 docker 运行阶段不生效的问题 2024-12-30 08:58:41 +00:00
tencent chore: remove unused imports 2024-09-15 20:17:02 +08:00
upstash/[action]/[...key] fix: fix upstash sync issue 2024-03-14 01:56:36 +08:00
webdav/[...path] fix: critical path traversal vulnerability in WebDAV proxy endpoint 2025-07-30 00:34:35 +05:00
302ai.ts feat: add 302.AI provider 2025-06-25 18:10:02 +08:00
alibaba.ts fix model leak issue 2024-11-29 15:47:28 +00:00
anthropic.ts fix model leak issue 2024-11-29 15:47:28 +00:00
auth.ts New provider SiliconFlow and Its Latest DeekSeek Models 2025-02-04 16:59:26 +08:00
azure.ts chore: remove unused imports 2024-09-15 20:17:02 +08:00
baidu.ts fix model leak issue 2024-11-29 15:47:28 +00:00
bytedance.ts fix model leak issue 2024-11-29 15:47:28 +00:00
common.ts Merge branch 'main' of https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web into add_deepseek 2024-12-29 08:43:25 +08:00
deepseek.ts fix issue #6009 add setting items for deepseek 2024-12-30 18:23:18 +08:00
glm.ts fix model leak issue 2024-11-29 15:47:28 +00:00
google.ts hotfix for x-goog-api-key 2024-09-29 15:51:28 +08:00
iflytek.ts fix model leak issue 2024-11-29 15:47:28 +00:00
moonshot.ts fix model leak issue 2024-11-29 15:47:28 +00:00
openai.ts Merge branch 'main' of https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web 2025-02-16 10:50:07 +08:00
proxy.ts Update proxy.ts 2024-11-11 12:59:29 +08:00
siliconflow.ts New provider SiliconFlow and Its Latest DeekSeek Models 2025-02-04 16:59:26 +08:00
stability.ts reduce cloudflare functions build size 2024-08-05 12:59:27 +08:00
xai.ts fix model leak issue 2024-11-29 15:47:28 +00:00