OpenSolon Path Traversal Vulnerability in Render Manager Component

A path traversal vulnerability has been identified in OpenSolon versions prior to 3.1.0. The issue arises in the RenderManager component, specifically within the render_mav function of the '/aa' endpoint. The vulnerability allows remote attackers to manipulate the 'template' parameter to access arbitrary files, such as the HelloApp.class file, by traversing directories. Exploitation of this vulnerability could lead to unauthorized file access on the server.

Impact

Exploitation of this vulnerability allows for path traversal, enabling attackers to read arbitrary files from the server's file system. Additionally, according to the reference, this vulnerability could be exploited to achieve remote code execution.

Reproduction

To reproduce this vulnerability, deploy an OpenSolon application with a controller that maps to the '/aa' endpoint. The controller should use the RenderManager to render a template based on the 'template' parameter. Once the application is running, send a GET request to the '/aa' endpoint with a crafted 'template' parameter that includes directory traversal sequences, such as '../', to access sensitive files on the server.