Upsonic Path Traversal Vulnerability in File Upload Function

A critical path traversal vulnerability has been identified in Upsonic versions through 0.55.6. The issue arises in the file upload function within 'markdown/server.py', specifically at line 39, where the 'os.path.join' function is used to concatenate the temporary directory path with the filename of the uploaded file. This implementation fails to properly sanitize the filename, allowing attackers to manipulate the file path and potentially write arbitrary files to the server.

Impact

Exploitation of this vulnerability could lead to unauthorized file creation on the server, with the potential to overwrite important system files or execute malicious code, according to the advisory.

Reproduction

To reproduce this vulnerability, upload a file through the '/markdown/upload' endpoint, manipulating the 'file.filename' parameter to include path traversal sequences, such as '../', which can be used to navigate to directories outside the intended upload directory. This can be done using a Python script that sends a POST request with the crafted filename.