This change adds a check during reference resolving to see if it
contains an up-level reference ('..'). If it does, it raises an
exception.

This fixes CVE-2023-41040, which allows an attacker to access files
outside the repository's directory.
facutuesca committed Sep 6, 2023
1 parent 91b464c commit 64ebb9f
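The traversal the commit message describes, shown as an added example that is not GitPython's own code: a made-up `.git` directory, an illustrative unguarded join standing in for the "before" behaviour (an assumption about the shape of the bug, not a copy of the project's resolver), and a hardened resolver whose first check is the same `".." in str(ref_path)` test the commit adds. The second, path-containment check is an extra layer added here, not part of the commit; it is included because the substring test alone does not reject an absolute reference path, which `os.path.join` would accept verbatim. Whether an absolute path can reach GitPython's own join is not shown on this page.

```python
import os

# Constructed sample .git directory for illustration; nothing is read from disk.
REPO_GIT_DIR = "/srv/example/repo/.git"


def resolve_ref_unsafe(repodir: str, ref_path: str) -> str:
    """Illustrative 'before' behaviour (an assumption, not GitPython's code):
    the caller-supplied reference path is joined onto the .git directory with
    no validation, so '..' segments, or an absolute path, can land outside it."""
    return os.path.normpath(os.path.join(repodir, ref_path))


def resolve_ref_safe(repodir: str, ref_path: str) -> str:
    """Hardened form. The first check mirrors the one the commit adds: any
    '..' anywhere in the reference name is rejected (git itself forbids two
    consecutive dots in ref names, so no legitimate ref is lost). The
    containment check is an extra layer assumed here, not part of the
    commit: it also stops absolute paths, which os.path.join accepts verbatim."""
    if ".." in str(ref_path):
        raise ValueError(f"Invalid reference '{ref_path}'")
    root = os.path.realpath(repodir)
    full = os.path.realpath(os.path.join(root, ref_path))
    if os.path.commonpath([root, full]) != root:
        raise ValueError(f"Reference '{ref_path}' resolves outside '{repodir}'")
    return full


def escapes_repo(repodir: str, ref_path: str) -> bool:
    """True when the unvalidated resolution of ref_path leaves repodir."""
    root = os.path.normpath(repodir)
    return os.path.commonpath([root, resolve_ref_unsafe(repodir, ref_path)]) != root


def rejection_reason(repodir: str, ref_path: str):
    """Which layer of resolve_ref_safe rejects ref_path:
    'dotdot', 'outside', or None when the reference is accepted."""
    try:
        resolve_ref_safe(repodir, ref_path)
    except ValueError as exc:
        return "dotdot" if str(exc).startswith("Invalid reference") else "outside"
    return None


if __name__ == "__main__":
    for ref in ("refs/heads/main",
                "refs/heads/../../../../etc/passwd",
                "/etc/passwd"):
        print(f"{ref!r:40} escapes={escapes_repo(REPO_GIT_DIR, ref)!s:5} "
              f"hardened={rejection_reason(REPO_GIT_DIR, ref) or 'accepted'}")
```

Run it and the traversal reference is caught by the `'..'` test (the commit's layer) while the absolute path is caught only by the containment test, which is why a second layer is worth keeping even when the first one is present.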
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions git/refs/symbolic.py
Expand Up @@ -168,6 +168,8 @@ def _get_ref_info_helper(
"""Return: (str(sha), str(target_ref_path)) if available, the sha the file at
rela_path points to, or None. target_ref_path is the reference we
point to, or None"""
if ".." in str(ref_path):
raise ValueError(f"Invalid reference '{ref_path}'")
tokens: Union[None, List[str], Tuple[str, str]] = None
repodir = _git_dir(repo, ref_path)
try:
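Review bot: the new guard at the top of `_get_ref_info_helper` is a bare substring test on `ref_path` and the docstring right above it still documents only the return value; add a `Raises: ValueError` line there, and consider also rejecting an absolute `ref_path` (for example with `os.path.isabs`) before `repodir = _git_dir(repo, ref_path)` runs, since '..' is not the only way a path can leave the repository directory. The substring test itself does not produce false positives, because git refuses ref names containing two consecutive dots. The commit touches only `git/refs/symbolic.py` with no accompanying test; a regression test asserting `ValueError` for a reference such as `refs/heads/../../x` would guard the fix against being dropped later.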
