GMS-2023-393: Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler
Missing check vulnerability in the static file handler allows any client to access the files in the server’s file system. When staticFiles
is set in the serve settings in the configuration file, the following handler doesn’t check if absolutePath
is still under the directory provided as staticFiles;
References
Detect and mitigate GMS-2023-393 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →