Project: Sling
Issue: SLING-11438

Resource path consisting of %7D with multiple dots leads to path traversal


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Engine 2.9.0
    • Engine 2.9.2
    • Engine
    • None

    Description

      With the changes of SLING-10225, sling-engine started considering requests consisting of a resource path with %5B ([) and multiple dots as "Invalid", as it could lead to path traversal and exposure of repository content.

      But the same could happen with %7D (}) with multiple dots in the request resource path.

      e.g. http://<HOST>:<PORT>/content/we-retail/us/en/experience.html/.%7D./.%7D./.1.json would lead to exposure of repository content stored at /content/we-retail/us
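      The shape of request path the report describes (a percent-encoded bracket or brace sitting between dots inside one path segment) can be screened for before any resource is resolved. The Python check below is an added example written for this page; it is not code from the Sling engine or from the reporter. It assumes a single request path string as input and applies its own rule, that a decoded segment containing two or more dots but no letter or digit names no resource, selector or extension and is rejected; it also decodes repeatedly so a double-encoded variant such as %257D is caught. The sample paths are constructed; the first mirrors the one in the description.

```python
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: bound repeated decoding of nested %25.. sequences


def fully_decode(path: str) -> str:
    """Percent-decode until the string stops changing (bounded), so %7D and
    %257D both end up as a literal '}' before the segment rule is applied."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def decoded_segments(path: str) -> list[str]:
    """Split the decoded path on '/' and drop empty segments."""
    return [seg for seg in fully_decode(path).split("/") if seg]


def is_suspicious_segment(seg: str) -> bool:
    """Own rule for this example: a segment with two or more dots and no
    alphanumeric character (e.g. '..', '.}.', '.[.') carries no resource name,
    selector or extension, so it is treated as a traversal attempt."""
    return seg.count(".") >= 2 and not any(ch.isalnum() for ch in seg)


def flagged_segments(path: str) -> list[str]:
    """Return the decoded segments that triggered the rule, for log review."""
    return [seg for seg in decoded_segments(path) if is_suspicious_segment(seg)]


def is_valid_resource_path(path: str) -> bool:
    """True when no segment of the decoded path matches the rule."""
    return not flagged_segments(path)


def audit_request_paths(paths: list[str]) -> list[str]:
    """Return the subset of request paths a reviewer should look at."""
    return [p for p in paths if not is_valid_resource_path(p)]


# Constructed sample request paths (not real traffic). The first two use the
# encoded brace/bracket forms named in the ticket; the last is double-encoded.
SAMPLE_PATHS = [
    "/content/we-retail/us/en/experience.html/.%7D./.%7D./.1.json",
    "/content/we-retail/us/en/experience.html/.%5B./.%5B./.1.json",
    "/content/we-retail/us/en/experience.html",
    "/content/we-retail/us/en/experience.1.json",
    "/content/../etc",
    "/content/we-retail/us/en/experience.html/.%257D./.1.json",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        verdict = "invalid" if not is_valid_resource_path(p) else "ok"
        print(f"{verdict:7} {p}  flagged={flagged_segments(p)}")
```

      Decoding before splitting is what matters here: the same check run on the raw, still-encoded path sees the alphanumeric characters of `%7D` and lets the segment through. The rule is deliberately narrow (it ignores single-dot segments and anything that carries a name), so it can sit in front of a resolver without rejecting ordinary selector and extension syntax such as `.1.json`.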

          People

            karlpauls Karl Pauls
            sagarmiglani Sagar Miglani