[Bug 272439] Possible path traversal vulnerability

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272439] Possible path traversal vulnerability"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 09 Jul 2023 22:54:14 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272439

            Bug ID: 272439
           Summary: Possible path traversal vulnerability
           Product: Documentation
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Website
          Assignee: doc@FreeBSD.org
          Reporter: iupac256@gmail.com

Created attachment 243326
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=243326&action=edit
example

https://www.freebsd.org/ports/
and 
https://www.freebsd.org/ports/%2e%2e/ports/
and
https://www.freebsd.org/ports%2f%2e%2e%2fports/

This could be a possible path traversal vulnerability.
%2f%2e%2e%2f is decoded to /../ which is up one dir in unix systems

-- 
You are receiving this mail because:
You are the assignee for the bug.