CVE-2020-17xx7
Bookmarked!This challenge covers the review of a CVE and its patch
The Code Review Patch challenges in this course provide both the vulnerable code and its corresponding patch. The goal is to identify the vulnerability without initially looking at the patch. The focus of this challenge is on the JobManagerCustomLogHandler class, which contains a directory traversal vulnerability. This vulnerability occurs when the filename is retrieved directly from the request path parameters without proper sanitization, allowing unauthorized access to sensitive files.
By analyzing the code, we observe that the handler retrieves the filename directly from the client’s request, which can include directory traversal sequences (e.g., ../../etc/passwd
). This allows attackers to access files outside the intended directory. The patch fixes this issue by wrapping the filename extraction in a new File object and calling getName()
, effectively stripping off any path information and only retaining the actual filename.