
CVE-2020-15230: Arbitrary file read using percent-encoded relative paths in FileMiddleware

CVSS Score: 6.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.67549%
Published: 6/9/2023
Updated: 6/19/2023
KEV Status: No
Technology: Swift

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name: github.com/vapor/vapor
Ecosystem: swift
Vulnerable Versions: >= 4.0.0-rc.2.5, < 4.29.4
First Patched Version: 4.29.4

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stemmed from the order of operations in path processing. The original implementation:

1. Took the raw URL path (still percent-encoded).
2. Trimmed leading slashes.
3. Applied percent-decoding only later, when constructing the filesystem path.

This allowed attackers to submit paths like '%2e%2e/secret', which passed the initial 'relative path' check (appearing as non-slash-prefixed and free of '..' segments) and then decoded to '../secret' when the filesystem was accessed. The patch fixed this by percent-decoding before path validation, ensuring the security checks see the actual path characters.
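An illustrative model of that ordering bug, added for this page and written in Python rather than Swift (it is not Vapor's code); `is_safe_relative` is an assumed simplification of FileMiddleware's relative-path check and `/srv/app/Public` is a constructed web root:

```python
"""Model of the CVE-2020-15230 ordering bug: validate-then-decode vs decode-then-validate."""
import posixpath
from urllib.parse import unquote

PUBLIC_DIR = "/srv/app/Public"  # constructed web root for the example


def is_safe_relative(path: str) -> bool:
    """Assumed stand-in for FileMiddleware's check: reject absolute paths
    and any literal '..' segment. It only sees the characters it is given."""
    if path.startswith("/"):
        return False
    return ".." not in path.split("/")


def resolve_vulnerable(raw_url_path: str):
    """Pre-4.29.4 order: check the still-encoded path, decode afterwards.
    Returns the resolved filesystem path, or None if the request is rejected."""
    trimmed = raw_url_path.lstrip("/")
    if not is_safe_relative(trimmed):   # sees '%2e%2e', not '..'
        return None
    decoded = unquote(trimmed)          # '..' only appears here, after the check
    return posixpath.normpath(posixpath.join(PUBLIC_DIR, decoded))


def resolve_fixed(raw_url_path: str):
    """4.29.4 order: decode first so the check sees the real characters."""
    decoded = unquote(raw_url_path)
    trimmed = decoded.lstrip("/")
    if not is_safe_relative(trimmed):   # now sees '../secret' and rejects it
        return None
    full = posixpath.normpath(posixpath.join(PUBLIC_DIR, trimmed))
    # Defense in depth (added here, not part of the upstream patch): confirm
    # the normalised result is still inside the web root.
    if not full.startswith(PUBLIC_DIR + "/"):
        return None
    return full


if __name__ == "__main__":
    for req in ("/images/logo%20v2.png", "/%2e%2e/secret", "/%2e%2e%2fsecret"):
        print(f"{req:24} vulnerable={resolve_vulnerable(req)} fixed={resolve_fixed(req)}")
```

Running it shows the encoded traversal resolving to '/srv/app/secret' under the old order and being rejected under the new one, while an ordinary encoded filename resolves identically in both.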


Impact

Attackers can access data at arbitrary filesystem paths on the same host as an application using `FileMiddleware`.

Patches

Version 4.29.4 (https://github.com/vapor/vapor/releases/tag/4.29.4)

Workarounds

Upgrade to 4.29.4 or l
