Security Vulnerability - possible to read arbitrary files via socket

Question

Security Vulnerability - possible to read arbitrary files via socket

e2 opened this issue 9 years ago · 2 comments

e2 commented 9 years ago

Patched gem version: v2.5.2
PR with patch: #158
Affected versions: v2.5.1 and below
Credits: @mikeycgto

Use cases affected:

multiuser servers running livereload
websocket address listening on non-local address
websocket port forwarded to untrusted/multiuser remote machines
?

Basically, anyone who can connect to the port can read files available to the user running the livereload server.

Stuff left to do:

Prevent files other than ./livereload.js to be loaded via socket
Release 2.5.2 with file serving disable (other than ./livereload.js)
Add info to Readme
Add websocket spec (none yet) (#160)
Refactor websocket for filesystem related specs (#160)
CVE - none yet
Decide which files should be allowed (if any)

Answer 1 · 2016-12-17T15:55:14.000Z

A CVE was assigned for this issue: CVE-2016-1000305

https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/158c10cf11bc7d6ad728c1a8dd213f523ecfca52/DWF/2016/1000305/CVE-2016-1000305.json

Answer 2 · 2023-06-12T18:50:32.000Z

A CVE was assigned for this issue: CVE-2016-1000305

https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/158c10cf11bc7d6ad728c1a8dd213f523ecfca52/DWF/2016/1000305/CVE-2016-1000305.json

Do you know status of this CVE?