Project

General

Profile

Actions

Bug #15835

closed

Path traversal symlink - WEBrick

Added by Dhiraj (Dhiraj Mishra) almost 5 years ago. Updated over 4 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:92580]

Description

Summary:
A path traversal issue was observed in WEBrick ( WEBrick/1.4.2 (Ruby/2.6.3/2019-04-16)) via symlink. WEBrick serves static page for the current directory once enabled, however using symlink attacker could view data outside the hosted/running directory.

Steps to reproduce:

mkdir nothing
cd nothing
ln -s ../../ symlnk
ruby -run -ehttpd . -p8080

Impact:
This would allow the attacker to view sensitive data outside the root/running directory.

Recommendation:
We can probably educate users about this behavior in the WebBrick documentation and providing a flag/parameter to disable/enable following symlinks.

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0