OpenSolon Solon Path Traversal Vulnerability in Static File Handling

Vulnerability

A path traversal vulnerability has been identified in OpenSolon Solon versions through 3.0.8. The issue resides in the static file management component, specifically within the StaticMappings.java file. This vulnerability allows remote attackers to manipulate file paths using '../' sequences, potentially leading to unauthorized file access. The problem has been publicly disclosed and exploited.

Impact

Exploitation of this vulnerability allows for path traversal, enabling attackers to access files outside the intended directory.

Reproduction

The vulnerability can be reproduced by sending a request to the application that includes a path traversal payload, such as '../filedir', targeting the static file handling component. This can be done after creating a project and modifying the static file request to include the traversal sequence. The issue can be reproduced on various operating systems, including Windows and macOS.

Remediation

Users are advised to upgrade to OpenSolon Solon version 3.0.9 or later, where this vulnerability has been addressed.
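The root cause of this class of bug is resolving a request path against the static root without confirming that the normalized, symlink-resolved result still lies under that root. The following Java class is an added example written for this advisory; it is not Solon's StaticMappings.java and not the 3.0.9 fix. It assumes the framework has already percent-decoded the request path exactly once; the class name StaticPathGuard and its method names are hypothetical. It rejects '../' sequences, absolute paths and symlink escapes by comparing the canonical path component-wise against the canonical root.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/**
 * Added example (not project code): defence-in-depth check for static file serving.
 * Assumption: requestPath has already been percent-decoded once by the framework.
 */
public final class StaticPathGuard {
    private final Path root;

    public StaticPathGuard(Path root) throws IOException {
        // Canonicalise the root once so that symlinked temp dirs (e.g. /var -> /private/var
        // on macOS) compare correctly against toRealPath() results later.
        this.root = root.toRealPath();
    }

    /**
     * Resolve a request path to a regular file below the static root.
     * Returns null for anything that escapes the root or does not exist.
     */
    public Path resolve(String requestPath) {
        if (requestPath == null || requestPath.indexOf('\0') >= 0) {
            return null; // NUL bytes can truncate paths in lower layers; refuse outright
        }
        String rel = requestPath.startsWith("/") ? requestPath.substring(1) : requestPath;

        // Lexical check first: normalize() collapses "." and ".." segments. If the request
        // was absolute (e.g. "C:\\..." or "/etc/passwd"), resolve() discards the root and
        // the startsWith() test fails. Path.startsWith is component-wise, so
        // "/srv/public2" does not pass as "/srv/public".
        Path candidate = root.resolve(rel).normalize();
        if (!candidate.startsWith(root)) {
            return null;
        }

        try {
            // Physical check second: follow symlinks and re-verify containment, so a link
            // inside the root pointing outside it is also refused.
            Path real = candidate.toRealPath();
            if (!real.startsWith(root) || !Files.isRegularFile(real)) {
                return null;
            }
            return real;
        } catch (IOException e) {
            return null; // missing file, permission error, or broken link: treat as not found
        }
    }

    // Constructed demonstration: a temporary root with one public file and one file outside it.
    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempDirectory("static-root");
        Path pub = Files.createDirectories(tmp.resolve("public"));
        Files.writeString(pub.resolve("index.html"), "<h1>ok</h1>");
        Files.writeString(tmp.resolve("secret.txt"), "outside the web root");

        StaticPathGuard guard = new StaticPathGuard(pub);
        System.out.println("/index.html           -> " + guard.resolve("/index.html"));
        System.out.println("/../secret.txt        -> " + guard.resolve("/../secret.txt"));
        System.out.println("a/../../secret.txt    -> " + guard.resolve("a/../../secret.txt"));
        System.out.println("/etc/hosts (absolute) -> " + guard.resolve("/etc/hosts"));
    }
}
```

The first resolve call returns the canonical path of index.html; the three traversal and absolute-path cases return null and would be answered with 404 rather than the file contents. Performing the lexical check before touching the filesystem avoids leaking existence information through timing or error messages, and the second, physical check is what catches symlink escapes that normalize() alone cannot see. If the framework does not decode the path before this point, decode it exactly once before calling resolve; decoding twice reintroduces the '%252e%252e' style of bypass.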

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 3.3
exploitability: 6.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.