ChatGPT-Next-Web/app
MirzaSamadAhmedBaig d09801bcab fix: critical path traversal vulnerability in WebDAV proxy endpoint
- Sanitize path components to prevent directory traversal attacks
- Filter out '.', '..', and empty path components
- URL encode path components to prevent injection attacks
- Prevents potential SSRF attacks via path manipulation

This vulnerability could allow attackers to:
- Access unintended resources outside the WebDAV scope
- Potentially reach internal services or metadata endpoints
- Bypass access controls through path manipulation

Security impact: HIGH - Path traversal is a critical security issue
2025-07-30 00:34:35 +05:00