CVE-2024-29180
Vulnerability from cvelistv5
Published
2024-03-21 16:47
Modified
2024-08-02 14:58
Summary
webpack-dev-middleware Path Traversal vulnerability
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:10:54.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
          },
          {
            "name": "https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132"
          },
          {
            "name": "https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353"
          },
          {
            "name": "https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e"
          },
          {
            "name": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82"
          },
          {
            "name": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21"
          },
          {
            "name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4"
          },
          {
            "name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2"
          },
          {
            "name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:webpack.js:webpack-dev-middleware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "webpack-dev-middleware",
            "vendor": "webpack.js",
            "versions": [
              {
                "lessThan": "5.3.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "6.1.2",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.1.0",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29180",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T14:55:43.782623Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:58:57.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "webpack-dev-middleware",
          "vendor": "webpack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 7.0.0, \u003c 7.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.1.2"
            },
            {
              "status": "affected",
              "version": "\u003c 5.3.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer\u0027s machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack.\n\nDevelopers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer\u0027s machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-21T16:47:53.848Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
        },
        {
          "name": "https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132"
        },
        {
          "name": "https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353"
        },
        {
          "name": "https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e"
        },
        {
          "name": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82"
        },
        {
          "name": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21"
        },
        {
          "name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4"
        },
        {
          "name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2"
        },
        {
          "name": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0"
        }
      ],
      "source": {
        "advisory": "GHSA-wr3j-pwj9-hqq6",
        "discovery": "UNKNOWN"
      },
      "title": "webpack-dev-middleware Path Traversal vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-29180",
    "datePublished": "2024-03-21T16:47:53.848Z",
    "dateReserved": "2024-03-18T17:07:00.092Z",
    "dateUpdated": "2024-08-02T14:58:57.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-29180\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-21T17:15:09.690\",\"lastModified\":\"2024-03-21T19:47:03.943\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer\u0027s machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse URL and build the local file path. The public path prefix is stripped from the URL, and the `unsecaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the midlleware, it is possible to use `%2e` and `%2f` sequences to perform path traversal attack.\\n\\nDevelopers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer\u0027s machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing.\"},{\"lang\":\"es\",\"value\":\"Antes de las versiones 7.1.0, 6.1.2 y 5.3.4, el middleware de desarrollo webpack-dev-middleware para devpack no valida suficientemente la direcci\u00f3n URL proporcionada antes de devolver el archivo local. Es posible acceder a cualquier archivo en la m\u00e1quina del desarrollador. El middleware puede funcionar con el sistema de archivos f\u00edsico al leer los archivos o puede usar un sistema de archivos virtualizado en memoria \\\"memfs\\\". Si la opci\u00f3n de configuraci\u00f3n `writeToDisk` est\u00e1 establecida en `true`, se utiliza el sistema de archivos f\u00edsico. El m\u00e9todo `getFilenameFromUrl` se utiliza para analizar la URL y crear la ruta del archivo local. El prefijo de ruta p\u00fablica se elimina de la URL y el sufijo de ruta \\\"sin separar\\\" se agrega a \\\"outputPath\\\". Como la URL no se elimina y se normaliza autom\u00e1ticamente antes de llamar al midlleware, es posible utilizar las secuencias `%2e` y `%2f` para realizar un ataque de path traversal. Los desarrolladores que utilizan `webpack-dev-server` o `webpack-dev-middleware` se ven afectados por el problema. Cuando se inicia el proyecto, un atacante podr\u00eda acceder a cualquier archivo en la m\u00e1quina del desarrollador y extraer el contenido. Si el servidor de desarrollo est\u00e1 escuchando en una direcci\u00f3n IP p\u00fablica (o `0.0.0.0`), un atacante en la red local puede acceder a los archivos locales sin ninguna interacci\u00f3n por parte de la v\u00edctima (conexi\u00f3n directa al puerto). Si el servidor permite el acceso desde dominios de terceros, un atacante puede enviar un enlace malicioso a la v\u00edctima. Cuando se visita, el script del lado del cliente puede conectarse al servidor local y extraer los archivos locales. A partir de las versiones corregidas 7.1.0, 6.1.2 y 5.3.4, la URL no tiene escape y se normaliza antes de cualquier procesamiento posterior.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6\",\"source\":\"security-advisories@github.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.