An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04djRqLTdqZ2YtNXJnOc4AAxTg

Warp vulnerable to Path Traversal via Improper validation of Windows paths

Path resolution in warp::filters::fs::dir didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem.

This only impacts Windows. Linux and other unix likes are not impacted by this.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 8 months ago
Updated: 6 months ago

Identifiers: GHSA-8v4j-7jgf-5rg9

Affected Packages

Versions: < 0.3.3
Fixed in: 0.3.3