all InfoSec news
Patching a directory traversal attack vulnerability
DEV Community dev.to
Date: 2023-07-15
Consider the following component in my personal website responsible for serving static web assets from an OSS bucket to users.
subPath
may contain zero or more path components. The bucket donaldsebleung-assets
is mounted under /mnt/donaldsebleung-assets/
in the container filesystem within the function assets
, which appends the request path subPath
to the mount point in order to fetch the associated object from the bucket and return its contents to the user who initiated the request.
For reference, the …
alibabacloud assets attack components container directory directory traversal filesystem function may oss patching path personal python request responsible security serverless under vulnerability web website