shkong/Grasscutter
1
0
Fork 0
mirror of https://github.com/Grasscutters/Grasscutter.git synced 2025-05-12 06:56:02 +08:00
Code Issues Projects Releases Wiki Activity
Grasscutter/src/main/java
History
sandtechnology 55928d9154
[Security][Bugfix] Fix directory traversal exploit (#1907) 
* [Security][Bugfix] Fix directory traversal exploit

1.The first slash will act as root path when resolving local path, so directory traversal is possible
2.Filter the illegal payload to prevent directory traversal
3.This also fix the bug about not loading the files in data folder when querying  `/hk4e/announcement/`

* Fix formatting

* Update src/main/java/emu/grasscutter/server/http/handlers/AnnouncementsHandler.java
2022-10-29 23:19:46 +10:30
..
emu/grasscutter
[Security][Bugfix] Fix directory traversal exploit (#1907)
2022-10-29 23:19:46 +10:30