DorianNiemiecSVRJS/svrjs
Archived
1
0
Fork 0
forked from svrjs/svrjs
Code Pull requests Activity

Fixed security vulnerability with information leakage from "temp" directory

Browse source
This commit is contained in:
Dorian Niemiec 2023-09-10 10:50:18 +02:00
parent d0064ee083
commit 15ca36cf16
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
svr.js
View file

@ -4287,7 +4287,7 @@ if (!cluster.isPrimary) {
callServerError(403);
serverconsole.errmessage("Access to configuration file/certificates is denied.");
return;
} else if (isForbiddenPath(decodedHref, "temp") && !isProxy) {
} else if (isIndexOfForbiddenPath(decodedHref, "temp") && !isProxy) {
callServerError(403);
serverconsole.errmessage("Access to temporary folder is denied.");
return;