esmsh, Local File Inclusion, CVE-2024-40617 (High)

Listen to this Post

The CVE-2024-40617 vulnerability in esm.sh is a path traversal flaw within the Go-based server’s URL routing logic. The vulnerability exists because the server fails to properly sanitize user input within the request path before using it to construct a filesystem path. Specifically, an attacker can embed directory traversal sequences (../) within a crafted URL. When the server processes this URL, it does not neutralize these sequences, allowing the attacker to break out of the intended web root directory. This manipulation of the path causes the server to access and return the contents of arbitrary files on the host filesystem, such as `/etc/passwd` or application database files, directly in the HTTP response to the attacker.
Platform: esm.sh
Version: pre-commit c62f191
Vulnerability: Path Traversal
Severity: High

date: 2024-07-17

Prediction: Patch 2024-07-24

What Undercode Say:

curl --path-as-is 'http://localhost:9999/pr/x/y@99/../../../../../../../../../../etc/passwd?raw=1&module=1'
// Vulnerable code from router.go line ~1168
filePath := filepath.Join(workDir, "builds", path)
http.ServeFile(w, r, filePath)

How Exploit:

Craft URL with `../` sequences.

Protection from this CVE:

Sanitize input paths.

Impact:

Sensitive file disclosure.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top