The analysis indicates a classic path traversal vulnerability in the pyLoad application. The root cause is the lack of input sanitization on filenames provided by the user during file uploads. The application takes the filename from the Content-Disposition header of a multipart/form-data request and uses it directly to construct a file path on the server's filesystem.
The provided commit fc4b136e9c4e7dcbb8e467ae802cb2c3f70a71b0 clearly shows the fix for this vulnerability in the add_package function. The developers introduced the secure_filename function from werkzeug.utils to sanitize the filename before using it. This confirms the nature of the vulnerability and the affected code pattern.
The vulnerability description also explicitly points out the upload function as being vulnerable, providing a code snippet that shows the exact same flawed logic as in the add_package function. Therefore, it is concluded that both the add_package and upload functions in src/pyload/webui/app/blueprints/json_blueprint.py are vulnerable.
An attacker can exploit this by crafting a filename containing path traversal sequences such as ../../. This would cause the application to save the uploaded file in a location of the attacker's choice, outside the intended temporary folder. This could be leveraged for remote code execution, for example, by writing a cron job, a web shell, or overwriting critical system files.
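The flawed path construction beside a hardened version, as an added illustration that is not pyLoad's own code and not the commit's diff: the sanitizer below is a minimal stand-in for werkzeug's secure_filename (so the example runs without Werkzeug installed), and UPLOAD_DIR is a placeholder for the temporary folder; the containment check after sanitization is defence in depth.

```python
import os
import re

# Placeholder for the application's temporary upload folder (constructed value).
UPLOAD_DIR = "/tmp/pyload_uploads"

_UNSAFE = re.compile(r"[^A-Za-z0-9_.-]")


def vulnerable_target_path(filename: str, base: str = UPLOAD_DIR) -> str:
    """Flawed pattern described above: the client-supplied filename is joined
    onto the base folder as-is, so '..' segments walk out of it."""
    return os.path.normpath(os.path.join(base, filename))


def sanitize_filename(filename: str) -> str:
    """Stand-in for werkzeug.utils.secure_filename: keep only the last path
    component (either separator style), replace unsafe characters, and strip
    leading/trailing dots and underscores so '..' collapses to ''."""
    name = filename.replace("\\", "/").split("/")[-1]
    return _UNSAFE.sub("_", name).strip("._")


def is_inside_upload_dir(path: str, base: str = UPLOAD_DIR) -> bool:
    """True if the resolved path lies within base (no parent-directory escape)."""
    base_abs = os.path.abspath(base)
    return os.path.commonpath([base_abs, os.path.abspath(path)]) == base_abs


def hardened_target_path(filename: str, base: str = UPLOAD_DIR) -> str:
    """Sanitize first, then verify the final path is still inside base."""
    name = sanitize_filename(filename)
    if not name:
        raise ValueError("empty filename after sanitization")
    target = os.path.abspath(os.path.join(os.path.abspath(base), name))
    if not is_inside_upload_dir(target, base):
        raise ValueError("filename escapes upload directory")
    return target


def rejected(filename: str) -> bool:
    """Helper for checks: does the hardened handler refuse this filename?"""
    try:
        hardened_target_path(filename)
    except ValueError:
        return True
    return False
```

Note that secure_filename maps a traversal name such as ../../x to the bare name x rather than rejecting it; logging the original filename whenever it differs from the sanitized one gives a cheap detection signal for traversal attempts.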
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pyload-ng | pip | = 0.5.0b3.dev89 | 0.5.0b3.dev90 |