CVE-2021-21269

by Fred · 20/01/2021

Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more files than allowed. This is fixed in version 0.2.0.

Date published : 2021-01-20

https://github.com/keymaker-mx/keymaker/security/advisories/GHSA-pg25-xfcf-vjvm

https://github.com/keymaker-mx/keymaker/commit/63f3012b390ff1519a84100df9e5dff5058bb926

CVE-2021-21269

Similar

Recent Posts

Categories

CVE-2021-21269

Share this:

Similar

Recent Posts

Categories

Tags