Merge pull request #759 from JafarAkhondali/master

Fixing a Path Traversal Vulnerability
2025-03-09 23:42:05 +00:00 · 2024-11-10 10:42:03 +00:00 · 2024-11-10 10:42:03 +00:00 · 93b29e77c4
commit 93b29e77c4
parent df0d12128b fe39c475a2
1 changed files with 5 additions and 0 deletions
--- a/packages/docs/web-server/index.mjs
+++ b/packages/docs/web-server/index.mjs
@ -35,5 +35,10 @@ function write(res, file) {

 http.createServer((req, res) => {
    const route = req.url.split('/').slice(1);
+    if (route.includes('..')) {
+        res.writeHead(403);
+        res.end('');
+        return;
+    }
    write(res, route);
 }).listen(PORT, HOST);