shrine is vulnerable to Path Traversal
59
Medium Risk
The file_system storage in shrine builds the full path to a file by joining the configured storage directory with the file id, without validating where the result resolves. When the id comes from attacker-controlled data, such as a tampered cached attachment hash containing ../ sequences, the path can resolve to a location outside of the storage directory. Operations like opening, deleting, checking existence, and uploading then act on arbitrary files on the host filesystem, allowing out-of-bounds file read and deletion. The fix raises Shrine::Error whenever an id would resolve outside of the storage directory.
You are affected if you are using a version that falls within the vulnerable range and your application uses the file_system storage with file identifiers derived from attacker-controlled data.
shrine is vulnerable to Path Traversal in versions 0.9.0 - 3.7.1.
Upgrade the shrine library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant