GMS-2018-5: Directory Traversal

January 23, 2018

A crafted GET request can be leveraged to traverse the directory structure of a host using the augustine web server package, and request arbitrary files outside of the specified web root. This allows for a remote attacker to gain access to arbitrary files on the filesystem that the process has access to read. Mitigating factors: Only files that the user running augustine has permission to read will be accessible via this vulnerability.

References

hackerone.com/reports/296282

Code Behaviors & Features

Detect and mitigate GMS-2018-5 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →