Affected versions of total.js are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files outside the /public folder by using relative paths.
The files served are limited to these file types: flac, jpg, jpeg, png, gif, ico, js, css, txt, xml, woff, woff2, otf, ttf, eot, svg, zip, rar, pdf, docx, xlsx, doc, xls, html, htm, appcache, manifest, map, ogv, ogg, mp4, mp3, webp, webm, swf, package, json, md, m4v, jsx, heif, heic.
Recommendation
- If you are using version 2.1.x, upgrade to 2.1.1 or later.
- If you are using version 2.2.x, upgrade to 2.2.1 or later.
- If you are using version 2.3.x, upgrade to 2.3.1 or later.
- If you are using version 2.4.x, upgrade to 2.4.1 or later.
- If you are using version 2.5.x, upgrade to 2.5.1 or later.
- If you are using version 2.6.x, upgrade to 2.6.3 or later.
- If you are using version 2.7.x, upgrade to 2.7.1 or later.
- If you are using version 2.8.x, upgrade to 2.8.1 or later.
- If you are using version 2.9.x, upgrade to 2.9.5 or later.
- If you are using version 3.0.x, upgrade to 3.0.1 or later.
- If you are using version 3.1.x, upgrade to 3.1.1 or later.
- If you are using version 3.2.x, upgrade to 3.2.4 or later.
References