fix: relative path traversal vulnerability allows loading of arbitrary files

Open hackersontwohouse opened this issue 1 year ago • 0 comments

Affected versions of this project, lyft/mapper, are vulnerable to Directory Traversal. TZInfo::Timezone.get fails to validate time zone identifiers correctly, allowing a newline character within the identifier. With Ruby version 1.9.3 and later, TZInfo::Timezone.get can be made to load unintended files with require, executing them within the Ruby process. that allows file uploads and has a time zone selector that accepts arbitrary time zone identifiers.

        raise InvalidTimezoneIdentifier, 'Invalid identifier' if identifier !~ /^[A-Za-z0-9\+\-_]+(\/[A-Za-z0-9\+\-_]+)*$/
    assert_raises(InvalidTimezoneIdentifier) { Timezone.get('../Definitions/UTC') }

CWE-22 CWE-23 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

hackersontwohouse May 17 '24 01:05
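
The newline behaviour described in the issue, as an added example that is not part of the original post or of the project's code: it runs the quoted `^...$` check next to a string-anchored `\A...\z` variant over constructed identifiers. The helper names, constants and sample values are assumptions made for illustration.

```ruby
# Added example: helper and constant names are hypothetical, not tzinfo's API.
class InvalidTimezoneIdentifier < StandardError; end

# Check as quoted in the issue. In Ruby, ^ and $ anchor at every line
# boundary, so a single well-formed line anywhere in the string passes.
LINE_ANCHORED = /^[A-Za-z0-9\+\-_]+(\/[A-Za-z0-9\+\-_]+)*$/

# Same character classes, anchored to the whole string with \A and \z.
# (\Z would still tolerate one trailing newline, so \z is used.)
STRING_ANCHORED = /\A[A-Za-z0-9\+\-_]+(\/[A-Za-z0-9\+\-_]+)*\z/

def validate_identifier(identifier, pattern)
  raise InvalidTimezoneIdentifier, 'Invalid identifier' if identifier !~ pattern
  identifier
end

def accepted?(identifier, pattern)
  validate_identifier(identifier, pattern)
  true
rescue InvalidTimezoneIdentifier
  false
end

# Constructed sample identifiers (not taken from any real request).
SAMPLES = [
  'Europe/London',
  '../Definitions/UTC',
  "UTC\n../Definitions/UTC",
  "UTC\n"
].freeze

# Returns [identifier, accepted by ^...$, accepted by \A...\z] per sample.
def compare(samples = SAMPLES)
  samples.map do |id|
    [id, accepted?(id, LINE_ANCHORED), accepted?(id, STRING_ANCHORED)]
  end
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |id, line_ok, string_ok|
    puts format('%-28s line-anchored=%-5s string-anchored=%s', id.inspect, line_ok, string_ok)
  end
end
```

The single-line traversal string is rejected by both patterns, which is why the quoted `assert_raises` test passes even though any identifier containing a newline after a valid first line is accepted by the line-anchored check.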