Bug 272439 - Possible path traversal vulnerability
Summary: Possible path traversal vulnerability
Status: Open
Alias: None
Product: Services
Classification: Unclassified
Component: FTP/WWW Sites & Mirrors
Version: unspecified
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: FreeBSD Mirror Admin
Keywords: needs-qa
Reported: 2023-07-09 22:54 UTC by iupac256
Modified: 2023-11-03 11:54 UTC

Attachments
example (199.50 KB, image/png)
2023-07-09 22:54 UTC, iupac256
Description iupac256 2023-07-09 22:54:14 UTC
Created attachment 243326
example

https://www.freebsd.org/ports/
and
https://www.freebsd.org/ports/%2e%2e/ports/
and
https://www.freebsd.org/ports%2f%2e%2e%2fports/

This could be a possible path traversal vulnerability.
%2f%2e%2e%2f is decoded to /../, which is up one dir in Unix systems.
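
The three URLs from the report, run through one percent-decode and dot-segment resolution to see where each path lands. This is an added example, not part of the original report or of the FreeBSD site's code. The function name `classify`, the `/ports` base directory, the single-decode behaviour and the two example.org URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# First three URLs are from the report; the last two are constructed samples.
SAMPLES = [
    "https://www.freebsd.org/ports/",
    "https://www.freebsd.org/ports/%2e%2e/ports/",
    "https://www.freebsd.org/ports%2f%2e%2e%2fports/",
    "https://example.org/ports/%2e%2e/other/",
    "https://example.org/ports/%2e%2e/%2e%2e/outside.txt",
]


def classify(url, base="/ports"):
    """Decode the URL path once, resolve dot segments, and report where it lands.

    Returns (resolved_path, verdict). Assumes the server percent-decodes
    exactly once before resolving the path; 'base' is a hypothetical
    directory the request is expected to stay inside.
    """
    decoded = unquote(urlsplit(url).path)
    segments, climbed_above_root = [], False
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue  # empty and current-directory segments change nothing
        if seg == "..":
            if segments:
                segments.pop()  # step up one level inside the URL space
            else:
                climbed_above_root = True  # tried to go above "/"
        else:
            segments.append(seg)
    resolved = "/" + "/".join(segments)
    if climbed_above_root:
        return resolved, "escapes-root"
    if resolved == base or resolved.startswith(base + "/"):
        return resolved, "inside-base"
    return resolved, "outside-base"


if __name__ == "__main__":
    for url in SAMPLES:
        print(classify(url), url)
```

A server-side check of this kind belongs after decoding and before any filesystem access, with the verdict compared against the directory the handler is meant to serve.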