Miggo Logo

CVE-2022-31507: Ganga allows absolute path traversal

9.3

CVSS Score
3.1

Basic Information

EPSS Score
0.31624%
Published
7/13/2022
Updated
9/20/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
gangapip< 8.5.108.5.10

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the insecure use of os.path.join() in the job_browse route handler before passing the path to flask.send_file. The commit diff shows the fix replaced os.path.join() with werkzeug.utils.safe_join(), explicitly addressing path traversal. The 'path' parameter is user-controlled input that flows directly into this vulnerable path construction, making the job_browse function the entry point for the exploit. The combination of user-controlled input, unsafe path joining, and send_file usage creates the critical vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** **n**-**vs/**n** r*pository ***or* *.*.** on *it*u* *llows **solut* p*t* tr*v*rs*l ****us* t** *l*sk `s*n*_*il*` *un*tion is us** uns***ly.

Reasoning

T** vuln*r**ility st*ms *rom t** ins**ur* us* o* os.p*t*.join() in t** jo*_*rows* rout* **n*l*r ***or* p*ssin* t** p*t* to *l*sk.s*n*_*il*. T** *ommit *i** s*ows t** *ix r*pl**** os.p*t*.join() wit* w*rkz*u*.utils.s***_join(), *xpli*itly ***r*ssin* p