xinyin025/ChatGPT-Next-Web
1
0
Fork 0
mirror of https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web.git synced 2025-09-24 04:06:39 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
d09801bcab
ChatGPT-Next-Web/app
History
MirzaSamadAhmedBaig d09801bcab fix: critical path traversal vulnerability in WebDAV proxy endpoint 
- Sanitize path components to prevent directory traversal attacks
- Filter out '.', '..', and empty path components
- URL encode path components to prevent injection attacks
- Prevents potential SSRF attacks via path manipulation

This vulnerability could allow attackers to:
- Access unintended resources outside the WebDAV scope
- Potentially reach internal services or metadata endpoints
- Bypass access controls through path manipulation

Security impact: HIGH - Path traversal is a critical security issue
2025-07-30 00:34:35 +05:00
..
api fix: critical path traversal vulnerability in WebDAV proxy endpoint 2025-07-30 00:34:35 +05:00
client Migrate to claude 4 2025-07-02 22:14:32 +08:00
components fix typo 2025-07-23 14:45:54 +09:00
config feat: add 302.AI provider 2025-06-25 18:10:02 +08:00
icons Fix: Set consistent fill color for OpenAI/MoonShot/Grok SVG to prevent color inversion in dark mode 2025-02-07 11:13:22 +08:00
lib merge code and get analyser data 2024-11-08 13:21:40 +08:00
locales docs: Update locales ko 2025-07-23 02:00:03 +09:00
masks 面具“以文搜图”改成“AI文生图”,微调提示让图片生成更稳定无水印 2024-12-13 22:29:14 +08:00
mcp fix: missing files required for building 2025-01-22 21:28:29 +08:00
store feat: add 302.AI provider 2025-06-25 18:10:02 +08:00
styles fix: 修复多余的查看全部 2024-08-21 10:28:34 +08:00
utils fix(app/utils/chat.ts): fix type error 2025-02-26 19:58:32 +08:00
command.ts add fork 2024-09-14 14:19:11 +08:00
constant.ts feat: update for wrong typo 2025-07-19 13:36:29 +07:00
global.d.ts client app tauri updater #2966 2024-10-11 11:29:22 +08:00
layout.tsx feat: add ENABLE_MCP env var to toggle MCP feature globally and in Docker 2025-01-18 21:19:01 +08:00
page.tsx feat: add ENABLE_MCP env var to toggle MCP feature globally and in Docker 2025-01-18 21:19:01 +08:00
polyfill.ts fix: #397 #373 Array.prototype.at polyfill errors 2023-04-03 13:29:37 +08:00
typing.ts feature: support glm Cogview 2024-12-28 20:23:44 +08:00
utils.ts fix bug (trim eats space or \n mistakenly), optimize timeout by model 2025-02-12 17:49:54 +08:00