all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Patching a directory traversal attack vulnerability

Add to bookmarks
July 15, 2023, 3:16 p.m. | Donald Sebastian Leung

DEV Community dev.to

Date: 2023-07-15


Consider the following component in my personal website responsible for serving static web assets from an OSS bucket to users.



subPath may contain zero or more path components. The bucket donaldsebleung-assets is mounted under /mnt/donaldsebleung-assets/ in the container filesystem within the function assets, which appends the request path subPath to the mount point in order to fetch the associated object from the bucket and return its contents to the user who initiated the request.


For reference, the …

alibabacloud assets attack components container directory directory traversal filesystem function may oss patching path personal python request responsible security serverless under vulnerability web website

Visit resource

More from dev.to / DEV Community

Git commit helper: add emojis to your commits 52 minutes ago | dev.to
article beginners cli coder +16
Securing Data with Java Encryption an hour ago | dev.to
age architecture cryptography data +15
Encrypting with Block Ciphers: A Guide to AES, CBC, and More 5 hours ago | dev.to
aes block blockcipher blog +18
Is Kotlin actually Good ? + Authentication (Day 3) - Creating a SaaS Startup in … 7 hours ago | dev.to
authentication boot coming enterprise +9
Security news weekly round-up - 3rd May 2024 9 hours ago | dev.to
android applications articles artificial +22
May the Source Be With You, 2024! 13 hours ago | dev.to
balance community hackathon life +10
Unlocking secure software distribution with Minder and GitHub Artifact Attestations 14 hours ago | dev.to
actions artifact beta called +16
AWS IAM — Identity and Access Management 14 hours ago | dev.to
access access management aws ec2 +8
Why IMDSv1 is a Security Risk for Cloud Infrastructure 15 hours ago | dev.to
amazon august aws blog +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Principal Security Engineer

@ Elsevier | Home based-Georgia
View on infosec-jobs.com

Infrastructure Compliance Engineer

@ NVIDIA | US, CA, Santa Clara
View on infosec-jobs.com

Information Systems Security Engineer (ISSE) / Cybersecurity SME

@ Green Cell Consulting | Twentynine Palms, CA, United States
View on infosec-jobs.com

Sales Security Analyst

@ Everbridge | Bengaluru
View on infosec-jobs.com

Alternance – Analyste Threat Intelligence – Cybersécurité - Île-de-France

@ Sopra Steria | Courbevoie, France
View on infosec-jobs.com

Third Party Cyber Risk Analyst

@ Chubb | Philippines
View on infosec-jobs.com
View more jobs