Project

General

Profile

Bug #15835

Path traversal symlink - WEBrick

Added by Dhiraj (Dhiraj Mishra) over 1 year ago. Updated 12 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:92580]

Description

Summary:
A path traversal issue was observed in WEBrick ( WEBrick/1.4.2 (Ruby/2.6.3/2019-04-16)) via symlink. WEBrick serves static page for the current directory once enabled, however using symlink attacker could view data outside the hosted/running directory.

Steps to reproduce:

mkdir nothing
cd nothing
ln -s ../../ symlnk
ruby -run -ehttpd . -p8080

Impact:
This would allow the attacker to view sensitive data outside the root/running directory.

Recommendation:
We can probably educate users about this behavior in the WebBrick documentation and providing a flag/parameter to disable/enable following symlinks.

Also available in: Atom PDF