Arbitrary file reading vulnerability

Impact

A path traversal attack aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files.

Vulnerable code:

aim/aim/web/api/views.py

Lines 9 to 16 in 0b99c6c

    
           @statics_router.get('/static-files/{path:path}/') 
        
           async def serve_static_files(path): 
        
               from aim import web 
        
               static_file_name = os.path.join(os.path.dirname(web.__file__), 'ui', 'build', path) 
        
               compressed_file_name = '{}.gz'.format(static_file_name) 
        
               if os.path.exists(compressed_file_name): 
        
                   return FileResponse(compressed_file_name, headers={'Content-Encoding': 'gzip'}) 
        
               return FileResponse(static_file_name)

Patches

The vulnerability issue is resolved in Aim v3.1.0.

References

https://owasp.org/www-community/attacks/Path_Traversal

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Arbitrary file reading vulnerability

Package

Affected versions

Patched versions

Description

Impact

Patches

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

CVE ID

Weaknesses

Credits

	@statics_router.get('/static-files/{path:path}/')
	async def serve_static_files(path):
	from aim import web
	static_file_name = os.path.join(os.path.dirname(web.__file__), 'ui', 'build', path)
	compressed_file_name = '{}.gz'.format(static_file_name)
	if os.path.exists(compressed_file_name):
	return FileResponse(compressed_file_name, headers={'Content-Encoding': 'gzip'})
	return FileResponse(static_file_name)