// Vuln: path-traversal
// PoC as reported: the underscore-prefixed helper hands the supplied path
// straight to fs.readFile, so the "dictionary" it returns is whatever file
// the process itself is allowed to read.
const spellchecker = require("simple-spellchecker");
const filename = "/etc/passwd";
spellchecker._readFile(filename, (err, result) => {
  // err is deliberately left unchecked here, exactly as in the original PoC;
  // on a read failure result is null and the next line throws.
  // The helper builds result.wordlist with split('\n'); joining with "\n"
  // reconstructs the file contents as they were on disk.
  const fileLines = result.wordlist;
  console.log(fileLines.join("\n"));
});
Inspecting the source for the project on npm or on GitHub, we can see that the functions in question
_readFile: function(file_path, callback) {
  // Asynchronously load a dictionary from file_path.
  // callback(err, dictionary): on failure err is a string (not an Error
  // object) and dictionary is null; on success err is null and dictionary
  // is a Dictionary built from the file contents split on '\n'.
  // NOTE(review): file_path is passed to fs.readFile verbatim — there is no
  // normalisation, allowlist or base-directory check in this helper. Whether
  // that is a vulnerability depends on whether any caller forwards untrusted
  // input; the helper itself does not validate.
  fs.readFile(file_path, 'utf8', function(readErr, text) {
    if (readErr) {
      // Keep the original string-typed error shape callers may rely on.
      callback("The dictionary file could not be read: " + readErr, null);
      return;
    }
    var lines = text.split('\n');
    callback(null, new Dictionary(lines));
  });
},
_readFileSync: function(file_path) {
  // Synchronous counterpart of _readFile: returns a Dictionary built from the
  // file at file_path split on '\n', or throws an Error whose message wraps
  // the underlying failure.
  // NOTE(review): as in _readFile, file_path reaches fs.readFileSync
  // unchanged — no allowlist or base-directory check is applied here.
  var dictionary;
  try {
    var lines = fs.readFileSync(file_path, 'utf8').split('\n');
    // The Dictionary constructor runs inside the try block, so a failure
    // there is also reported as "could not be read".
    dictionary = new Dictionary(lines);
  } catch (err) {
    throw new Error("The dictionary file could not be read: " + file_path + ". Error: " + err);
  }
  return dictionary;
},
do indeed read a file based on the path passed to them. This seems like intended usage to me, so could you elaborate on how you arrived at a high severity rating?
Hey all, similar to #97, I'm curious to know how you arrived at a high severity for
https://nvd.nist.gov/vuln/detail/CVE-2024-46503
The PoCs listed read as
https://gist.github.com/guilherme-goncalves793/9c3125c6c8e33e0d9216847118137c63
and
https://gist.github.com/guilherme-goncalves793/30d62c12fffd18d4058f4aebe188f462
Inspecting the source for the project on npm or on GitHub, we can see that the functions in question
and _readFileSync
do indeed read a file based on the path passed to them. This seems like intended usage to me, so could you elaborate on how you arrived at a high severity rating?