The vulnerability exists within the `stream_handler` function of the `ml_logger/server.py` component. This function is responsible for handling requests to stream log files. It uses a user-supplied `key` parameter to construct a filesystem path without proper sanitization. An attacker can manipulate this `key` parameter using path traversal sequences (e.g., ../../../etc/passwd). Because the function does not validate or restrict the resolved path, it allows reading arbitrary files outside the intended log directory. The attack is initiated remotely by sending a specially crafted HTTP request to the vulnerable endpoint, leading to unauthorized information disclosure of sensitive system files.
Platform: ml-logger
Version: up to acf255b
Vulnerability: Path Traversal
Severity: Moderate
Date: 2025-09-25
Prediction: Patch expected by 2025-10-02
What Undercode Say:
```
curl http://target:8080/stream?key=../../../../etc/passwd
```

```python
# Example vulnerable code path
def stream_handler(key):
    file_path = os.path.join(LOG_DIR, key)  # Vulnerable path construction
    return send_file(file_path)
```
How Exploit:
Remote attackers craft HTTP requests with path traversal sequences in the ‘key’ parameter to read arbitrary files from the server’s filesystem.
Protection from this CVE:
Implement strict input validation and sanitization for the ‘key’ parameter. Use absolute path verification to ensure the resolved path remains within the intended log directory.
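One way to implement the absolute path verification described above, as an added example (not ml-logger's code or its patch). `resolve_log_path`, `UnsafePathError` and the temporary directory layout are hypothetical names constructed for the demonstration; the check resolves symlinks before testing containment, so it also rejects a symlink inside the log directory and a sibling directory that shares the log directory's name prefix.

```python
import os
import tempfile

class UnsafePathError(ValueError):
    """Raised when a requested key resolves outside the log directory."""

def resolve_log_path(log_dir: str, key: str) -> str:
    """Return the real path for `key`, or raise if it escapes `log_dir`."""
    if "\x00" in key:
        raise UnsafePathError("NUL byte in key")
    root = os.path.realpath(log_dir)
    # os.path.join drops `root` entirely when `key` is absolute, so the
    # containment check must run on the final, symlink-resolved path.
    candidate = os.path.realpath(os.path.join(root, key))
    # commonpath compares whole path components; a plain startswith(root)
    # would wrongly accept a sibling such as "<root>-old/...".
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafePathError(f"key escapes log directory: {key!r}")
    return candidate

def demo() -> dict:
    """Build a constructed directory tree and classify sample keys."""
    base = os.path.realpath(tempfile.mkdtemp())
    log_dir = os.path.join(base, "logs")
    os.makedirs(os.path.join(log_dir, "run1"))
    with open(os.path.join(log_dir, "run1", "out.log"), "w") as fh:
        fh.write("step 1\n")
    with open(os.path.join(base, "secret.txt"), "w") as fh:
        fh.write("outside the log directory\n")
    # Constructed symlink that lives inside logs/ but points outside it.
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(log_dir, "link"))
    keys = {
        "plain": "run1/out.log",
        "dotdot": "../secret.txt",
        "nested_dotdot": "run1/../../secret.txt",
        "absolute": os.path.join(base, "secret.txt"),
        "symlink": "link",
        "sibling_prefix": "../logs-old/x.log",
    }
    results = {}
    for label, key in keys.items():
        try:
            resolve_log_path(log_dir, key)
            results[label] = True
        except UnsafePathError:
            results[label] = False
    return results

if __name__ == "__main__":
    print(demo())
```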
Impact:
Unauthorized disclosure of sensitive files, potentially leading to exposure of credentials, configuration files, and other critical system information.
Sources:
Reported By: github.com

