The vulnerability CVE-2024-57189 is a path traversal in the importHistoriesCreate GraphQL mutation handler in Erxes <1.6.2. The provided commit d626070a0fcd435ae29e689aca051ccfb440c2f3 and the SonarSource blog post confirm this. The root cause is the use of user-supplied filenames directly in file system path constructions without proper sanitization.
The primary vulnerable function identified is importBulkStream (in packages/workers/src/worker/import/utils.ts), which is directly involved in the importHistoriesCreate flow as detailed in the blog post. This function takes a fileName and, before the patch, used it to write files to disk (e.g., via `fs.promises.writeFile(`${uploadsFolderPath}/${fileName}`, file.Body)`). An attacker could craft a `fileName` like `../../../../etc/passwd` to write files outside the intended directory.
The commit also patches several other functions (getCsvInfo, getImportCsvInfo, getCsvHeadersInfo, and various upload functions in packages/core/src/data/utils.ts) by introducing filename sanitization. These functions also handled user-supplied filenames for file operations (reading, writing, S3 operations) and were therefore susceptible to the same kind of path traversal whenever the fileName parameter was attacker-controlled. While the importHistoriesCreate mutation is the specifically named entry point, the other patched functions, including uploadFileLocal and readFileRequest in packages/core/src/data/utils.ts, represent similar weaknesses in file handling that were addressed by the same patch: their filenames were sanitized too, indicating they also processed potentially untrusted filenames in a way that could have led to path traversal.
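To make the root cause and the fix concrete, here is an added example (not code from the Erxes commit) contrasting the pre-patch path construction from importBulkStream with a hardened variant of the filename sanitization the patch introduces. The uploads root `/var/erxes/uploads` and the function names are assumptions for illustration only.

```typescript
import * as path from "node:path";

// Assumed uploads root; the page refers to this as uploadsFolderPath.
const UPLOADS_FOLDER_PATH = "/var/erxes/uploads";

// Pre-patch behaviour: the user-supplied fileName is concatenated as-is,
// so "../../../../etc/passwd" resolves outside the uploads folder.
function buildPathVulnerable(fileName: string): string {
  return `${UPLOADS_FOLDER_PATH}/${fileName}`;
}

// Hardened variant (illustrative, not the project's exact patch):
// 1. the fileName must equal its own base name (no separators at all),
// 2. it must be a plain token (letters, digits, dot, underscore, dash),
// 3. the resolved path must still sit under the uploads root.
function buildPathSafe(fileName: string): string {
  const base = path.basename(fileName);
  const plainToken = /^[\w.\-]+$/;
  if (base !== fileName || base === "." || base === ".." || !plainToken.test(base)) {
    throw new Error(`rejected unsafe fileName: ${JSON.stringify(fileName)}`);
  }
  const root = path.resolve(UPLOADS_FOLDER_PATH);
  const target = path.resolve(root, base);
  if (!target.startsWith(root + path.sep)) {
    throw new Error("resolved path escapes the uploads folder");
  }
  return target;
}

// Defender-side check: does a constructed path leave the uploads root?
function escapesUploads(p: string): boolean {
  const root = path.resolve(UPLOADS_FOLDER_PATH);
  const resolved = path.resolve(p);
  return !(resolved === root || resolved.startsWith(root + path.sep));
}

// Constructed sample inputs: a benign CSV name and the traversal payload
// quoted on this page.
const benignName = "contacts.csv";
const traversalName = "../../../../etc/passwd";

console.log(escapesUploads(buildPathVulnerable(traversalName))); // true: pre-patch code escapes
console.log(escapesUploads(buildPathVulnerable(benignName)));    // false
console.log(buildPathSafe(benignName));                          // /var/erxes/uploads/contacts.csv
try {
  buildPathSafe(traversalName);
} catch (e) {
  console.log((e as Error).message);                             // rejected unsafe fileName: ...
}
```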
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| erxes | npm | < 1.6.2 | 1.6.2 |