CVE-2019-12479: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

August 13, 2019 (updated August 21, 2019)

An issue was discovered |20 Storage A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs.

References

nvd.nist.gov/vuln/detail/CVE-2019-12479
security401.com/twentytwenty-storage-path-traversal/

Code Behaviors & Features

Detect and mitigate CVE-2019-12479 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →