Files or Directories Accessible to External Partiesrepomix is an A tool to pack repository contents to single file for AI consumption
Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the remote repository URL validation in src/core/git/gitRemoteParse.ts and the public website pack clone path in processRemoteRepo. An attacker can read arbitrary local git repositories by supplying a file:// URL to the /api/pack clone endpoint, which passes the URL through shape-only parsing and into git clone. This lets an unauthenticated attacker fetch tracked file contents from repositories on the server filesystem. For users running the website server, the impact is unauthorized disclosure of repository data stored locally.
How to fix Files or Directories Accessible to External Parties? Upgrade repomix to version 1.16.1 or higher.
| |
Server-side Request Forgery (SSRF)repomix is an A tool to pack repository contents to single file for AI consumption
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the processRemoteRepo path in POST /api/pack and its repository URL handling before git clone. An attacker can make the server issue arbitrary outbound requests, including requests to private network addresses, cloud metadata services, or local filesystem paths, by supplying a crafted repository URL. The vulnerable code accepts URLs that only match the expected owner/repo shape and passes them to git clone without enforcing an HTTPS-only public-repository allowlist. This lets unauthenticated users trigger outbound network access from the server and, with file:// URLs, local file reads that can expose sensitive data or break the pack endpoint’s normal behavior.
How to fix Server-side Request Forgery (SSRF)? Upgrade repomix to version 1.16.1 or higher.
| |