DevToys Path Traversal Vulnerability in Extension Installation Mechanism

A path traversal vulnerability has been identified in the DevToys application, specifically in versions 2.0.0.0 prior to 2.0.9.0. This vulnerability arises in the extension installation process, where the application fails to properly validate file paths within extension packages (NUPKG archives). As a result, a malicious extension could exploit this flaw by including crafted file entries that traverse directories, potentially overwriting arbitrary files on the user's system with the same privileges as the DevToys process. This could lead to unauthorized code execution, modification of configuration files, or corruption of application or system files.

Impact

Exploitation of this vulnerability allows for arbitrary file overwrites, with the potential for code execution depending on the context.

Reproduction

The vulnerability can be reproduced by creating a malicious NUPKG package that includes file paths designed to traverse directories (such as ../../) and overwrite sensitive files on the system. This package can then be installed through the DevToys extension manager, which will fail to detect the path traversal and allow the overwrite to occur.

Remediation

Users can update DevToys to version 2.0.9.0, the patched version that addresses this vulnerability.