Relative Path Traversal in @evershop/evershop

CVE-2023-46496

@evershop/evershop

High

8.7/10

Summary

EverShop web application in versions prior to 1.0.0-rc.8 is missing input validation in the function 'unlinkSync' in 'deleteFile.js', leading to a Relative Path Traversal vulnerability that enables arbitrary file deletion. This vulnerability extends beyond path traversal since the endpoint "/api/files" allows "DELETE" requests which then allow for file deletion across the filesystem.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-23 - Relative Path Traversal

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References

Advisory
Pull request
Checkmarx

Advisory Timeline

Published Sep 25, 2023

Relative Path Traversal in @evershop/evershop

CVE-2023-46496

Summary

CWE-23 - Relative Path Traversal

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS