ChatGPT-Next-Web/app/api/webdav/[...path]
MirzaSamadAhmedBaig d09801bcab fix: critical path traversal vulnerability in WebDAV proxy endpoint
- Sanitize path components to prevent directory traversal attacks
- Filter out '.', '..', and empty path components
- URL encode path components to prevent injection attacks
- Prevents potential SSRF attacks via path manipulation

This vulnerability could allow attackers to:
- Access unintended resources outside the WebDAV scope
- Potentially reach internal services or metadata endpoints
- Bypass access controls through path manipulation

Security impact: HIGH - Path traversal is a critical security issue
2025-07-30 00:34:35 +05:00
route.ts fix: critical path traversal vulnerability in WebDAV proxy endpoint 2025-07-30 00:34:35 +05:00