The vulnerability exists in the `log_handler` function within ml_logger/server.py. When handling requests to log data, the function uses the user-supplied `file` argument to construct a filesystem path without sanitization. An attacker can craft a request using sequences like `../` to escape the intended logging directory, which allows arbitrary file read access on the server's filesystem. For example, a request specifying `file=../../../etc/passwd` could traverse to sensitive system files. As the attack can be performed remotely and the exploit is publicly available, it poses a significant risk wherever the logger is exposed.
Platform: ml-logger
Version: <=0.10.36
Vulnerability: Path Traversal
Severity: Moderate
Date: 2025-09-25
Prediction: Patch by 2025-10-02
What Undercode Says:
curl -X POST http://vulnerable-host/log -d 'file=../../secret.txt'
Simulated vulnerable code path:

import os

LOG_DIR = "/var/log/ml_logger"  # assumed value for illustration; the real setting is not shown here

def log_handler(request):
    filename = request.POST.get('file')
    path = os.path.join(LOG_DIR, filename)  # vulnerable concatenation: '../' in filename escapes LOG_DIR
    with open(path, 'w') as f:
        f.write(request.POST.get('data'))
How to Exploit:
Craft HTTP POST requests with path traversal sequences in the ‘file’ parameter to read files outside the log directory.
Protection from this CVE:
Sanitize user input, use os.path.basename(), or implement an allowlist for safe characters.
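A hardened form of the handler above, added here as an example and not ml-logger's own code. LOG_DIR, the dict-shaped request object and the helper names are assumptions; the handler keeps the original write and only validates the path first, combining an allowlist with a post-resolution containment check.

```python
import os
import re
import tempfile

# Assumed names for this added example: LOG_DIR and a minimal request object
# (a dict with a POST dict); ml-logger's real request type is not used here.
LOG_DIR = tempfile.mkdtemp(prefix="ml_logger_")

# Allowlist: one path component made only of safe characters (no separators).
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,128}")

def safe_log_path(log_dir, filename):
    """Return an absolute path inside log_dir, or raise ValueError."""
    # fullmatch, not match(): with match() a '$' anchor would still accept a
    # trailing newline. The allowlist alone still lets '.' and '..' through.
    if not isinstance(filename, str) or not SAFE_NAME.fullmatch(filename):
        raise ValueError("rejected log file name: %r" % (filename,))
    if filename in (".", ".."):
        raise ValueError("rejected log file name: %r" % (filename,))
    base = os.path.realpath(log_dir)
    path = os.path.realpath(os.path.join(base, filename))
    # Containment check after symlink resolution; commonpath rather than
    # startswith(), which would accept a sibling such as '<log_dir>_other'.
    if os.path.commonpath([base, path]) != base:
        raise ValueError("path escapes log directory: %r" % (filename,))
    return path

def log_handler(request):
    """Hardened form of the vulnerable handler: same write, validated path."""
    path = safe_log_path(LOG_DIR, request["POST"].get("file"))
    with open(path, "w") as f:
        f.write(request["POST"].get("data", ""))
    return path

def read_log(filename):
    """Read back a log written through log_handler (for the checks below)."""
    with open(safe_log_path(LOG_DIR, filename)) as f:
        return f.read()

def is_rejected(filename):
    """True when safe_log_path refuses filename."""
    try:
        safe_log_path(LOG_DIR, filename)
    except ValueError:
        return True
    return False
```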
Impact:
Arbitrary File Read
Sources:
Reported By: github.com