mirror of
https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web.git
synced 2026-01-28 01:56:06 +08:00
d09801bcab
- Sanitize path components to prevent directory traversal attacks - Filter out '.', '..', and empty path components - URL encode path components to prevent injection attacks - Prevents potential SSRF attacks via path manipulation This vulnerability could allow attackers to: - Access unintended resources outside the WebDAV scope - Potentially reach internal services or metadata endpoints - Bypass access controls through path manipulation Security impact: HIGH - Path traversal is a critical security issue