Bug #15835 (closed): Path traversal symlink - WEBrick
Description
Summary:
A path traversal issue was observed in WEBrick (WEBrick/1.4.2 (Ruby/2.6.3/2019-04-16)) via symlink. Once enabled, WEBrick serves static pages for the current directory; however, using a symlink, an attacker could view data outside the hosted/running directory.
Steps to reproduce:
mkdir nothing
cd nothing
ln -s ../../ symlnk
ruby -run -ehttpd . -p8080
Impact:
This would allow the attacker to view sensitive data outside the root/running directory.
Recommendation:
We can probably educate users about this behavior in the WEBrick documentation and provide a flag/parameter to disable/enable following symlinks.
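The check the recommendation asks for, written as an added, stand-alone Ruby example (it is not code from this report or from WEBrick itself): the requested path is resolved with File.realpath and only served if the resolved file still lies under the resolved document root, so a symlink such as the report's symlnk -> ../../ is refused. The fixture directory, file names and the helper names safe_static_path, build_fixture and demo are constructed for the example.

```ruby
require "tmpdir"
require "fileutils"

# Decide whether request_path may be served from document_root.
# Both sides are canonicalised with File.realpath, so a symlink that
# points outside the root is rejected even though its lexical path
# (root/symlnk/...) looks fine. Returns the resolved path, or nil to
# signal that the request must be refused (e.g. with 403/404).
def safe_static_path(document_root, request_path)
  root = File.realpath(document_root)
  # Drop leading slashes so an absolute request cannot replace the root in File.join.
  candidate = File.join(root, request_path.sub(%r{\A/+}, ""))
  resolved = File.realpath(candidate) # raises Errno::ENOENT if the file is missing
  # Accept the root itself or anything strictly below "root/".
  return resolved if resolved == root || resolved.start_with?(root + File::SEPARATOR)
  nil
rescue Errno::ENOENT, Errno::ENOTDIR
  nil
end

# Constructed fixture mirroring the report: a document root "nothing" holding
# one regular file and a symlink that escapes to the parent directory, where a
# file that must never be served is placed.
def build_fixture
  base = Dir.mktmpdir("webrick-symlink-demo")
  File.write(File.join(base, "secret.txt"), "not for the web\n")
  root = File.join(base, "nothing")
  Dir.mkdir(root)
  File.write(File.join(root, "index.html"), "<h1>hello</h1>\n")
  FileUtils.ln_s("..", File.join(root, "symlnk")) # same effect as `ln -s ../../ symlnk`
  root
end

# Run the check against three requests: a normal file, the file reached
# through the escaping symlink, and a plain ../ traversal.
def demo
  root = build_fixture
  {
    regular: safe_static_path(root, "/index.html"),
    via_symlink: safe_static_path(root, "/symlnk/secret.txt"),
    dotdot: safe_static_path(root, "/../secret.txt"),
  }
end

if __FILE__ == $0
  demo.each { |request, result| puts "#{request}: #{result.inspect}" }
end
```

Only the regular file resolves; both the symlink route and the ../ route come back nil. The comparison uses the resolved root plus a trailing separator so that a sibling directory with the same prefix (for example nothing2) is not mistaken for a child of nothing.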