GHSA-2gq2-m628-33xp: gregwar/rst Local File Inclusion Vulnerability

May 15, 2024

A Local File Inclusion (LFI) vulnerability has been discovered in the gregwar/rst library, potentially exposing sensitive files on the server to unauthorized users. The issue arises from inadequate input validation, allowing an attacker to manipulate file paths and include arbitrary files.

References

github.com/FriendsOfPHP/security-advisories/blob/master/gregwar/rst/2016-10-31.yaml
github.com/Gregwar/RST
github.com/Gregwar/RST/commit/e8d90ccbeddd91ba3abc506079661dce234f9870
github.com/Gregwar/RST/pull/34
github.com/advisories/GHSA-2gq2-m628-33xp
hackerone.com/reports/179034

Detect and mitigate GHSA-2gq2-m628-33xp with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →