Listen to this Post
How the mentioned CVE works (technical details):
The vulnerability exists in NiceGUI’s `ui.restructured_text()` element, which renders user‑supplied reStructuredText (reST) server‑side using the Docutils library. The issue stems from the `prepare_content()` function in `nicegui/elements/restructured_text.py` calling `docutils.core.publish_parts()` with unsafe default settings. The code only overrides syntax_highlight='short', leaving critical security directives fully enabled. Docutils processes directives such as .. include:: file:///etc/passwd, .. csv-table:: :file: /etc/passwd, and `.. raw:: :file: /etc/passwd` without any restriction. When an attacker controls the reST input (e.g., via URL parameters, form fields, or API payloads), these directives instruct Docutils to read local files from the server’s filesystem. The file contents are embedded into the generated HTML during server‑side rendering, before any frontend sanitization occurs. Because the file read happens on the server, client‑side protections like CSP or DOMPurify cannot prevent the disclosure. The server then returns the HTML containing sensitive data to the attacker. This leads to arbitrary local file read with the privileges of the NiceGUI server process. Applications that pass only trusted, static strings to `ui.restructured_text()` are not affected.
dailycve form:
Platform: NiceGUI
Version: All versions prior to fix (no CVE assigned)
Vulnerability: Server‑side file inclusion
Severity: Medium
Date: Not disclosed
Prediction: Patch expected within 7‑14 days after disclosure
What Undercode Say (Analytics):
Identify vulnerable usage in codebase grep -r "ui.restructured_text" . --include=".py" Test for file read via reST injection curl -X GET "http://target.com/page?content=.. include:: /etc/passwd" | grep "root:" Monitor Docutils calls in production strace -e openat -p $(pgrep -f nicegui) 2>&1 | grep -E "include|csv-table|raw"
Exploit:
Attacker-controlled reST payload payload = """ .. include:: /etc/passwd .. csv-table:: :file: /app/.env .. raw:: :file: /proc/self/environ """ Send to any endpoint passing untrusted input to ui.restructured_text()
Protection from this CVE:
Fix in nicegui/elements/restructured_text.py -> prepare_content()
html = publish_parts(
remove_indentation(content),
writer_name='html4',
settings_overrides={
'syntax_highlight': 'short',
'file_insertion_enabled': False,
'raw_enabled': False,
'_disable_config': True,
},
)
Also upgrade to the latest patched NiceGUI version.
Impact:
Local file disclosure exposing secrets, config files, source code, and mounted Docker/Kubernetes secrets. Attacker can read .env, API tokens, database URLs, cloud credentials, and application logs, leading to full compromise of the server and connected services.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

