Leonvanzyl AutoCoder Path Traversal Vulnerability in UI Component

Vulnerability

A path traversal vulnerability has been identified in the UI/static component of Leon van Zyl's AutoCoder, specifically in commit 79d02a. It allows an attacker to read arbitrary files by sending crafted URL paths that contain traversal sequences. The flaw lies in the static file serving component of the application, which maps requested URL paths to files on the server's disk and returns them to the client.
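As an added illustration (not code from AutoCoder or from this advisory), the unchecked join that produces this class of bug sits next to a resolver that refuses any request path whose real location falls outside the static root; the directory layout and request paths below are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def naive_resolve(root: str, request_path: str) -> str:
    # The bug pattern: join the URL path onto the static root and serve whatever
    # that names, never checking that the result is still inside root.
    return os.path.normpath(os.path.join(root, request_path.lstrip("/")))


def safe_resolve(root: str, request_path: str):
    # Decode once, reject NUL bytes, resolve symlinks, then require the real path
    # to lie inside the real root by path components (Path.relative_to), not by
    # string prefix, so "/srv/static-other" is not mistaken for "/srv/static".
    root_real = Path(root).resolve()
    decoded = unquote(request_path)
    if "\x00" in decoded:
        return None
    candidate = (root_real / decoded.lstrip("/")).resolve()
    try:
        candidate.relative_to(root_real)
    except ValueError:
        return None  # would escape the static root: refuse to serve
    return str(candidate)


def demo() -> dict:
    # Constructed layout: <tmp>/static/index.html is servable, while
    # <tmp>/secret.txt sits one directory above the static root.
    base = Path(tempfile.mkdtemp())
    static = base / "static"
    static.mkdir()
    (static / "index.html").write_text("<h1>ok</h1>")
    (base / "secret.txt").write_text("do-not-serve")
    root = str(static)
    results = {}
    for p in ["/index.html", "/sub/../index.html", "/../secret.txt", "/%2e%2e/secret.txt"]:
        # Web frameworks usually hand the handler an already-decoded path.
        naive = naive_resolve(root, unquote(p))
        results[p] = {
            "naive_inside_root": naive.startswith(root + os.sep),
            "safe": safe_resolve(root, p),
        }
    return results
```

Running demo() shows the naive join escaping the root for the two traversal paths, while safe_resolve returns None for them and still serves the normalised "/sub/../index.html".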

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server, potentially including application secrets or other confidential information.

Reproduction

To reproduce this vulnerability, send a request to the application with a URL path that includes traversal sequences, such as '../', targeting the static file serving route. This can be done using a web browser or a tool like curl or Postman.

Remediation

Users are advised to update to the latest commit where this vulnerability has been fixed.

Added: Apr 27, 2026, 4:32 PM
Updated: Apr 27, 2026, 4:32 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          2.5
  exploitability  7.7
  remediation     0.0
  relevance       6.8
  threat          1.6
  urgency         2.9
  incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.