adrgs/requestrepo

LFI bug in /api/get_file

Closed this issue · 1 comment

verify_jwt does not check that the subdomain contains only characters from SUBDOMAIN_ALPHABET. This allows an attacker that gets the JWT key to set a subdomain like ../../../../etc/passwd and read internal files in the Docker container.

Added stronger checks for verify_jwt in 5863052