.. / CVE-2023-35844

Exploit for Lightdash version <= 0.510.3 Arbitrary File Read (CVE-2023-35844)

Description:

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.

Nuclei Template

View the template here CVE-2023-35844.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-35844.yaml
Copy

References:

https://advisory.dw1.io/59
https://github.com/lightdash/lightdash/commit/fcc808c84c2cc3afb343063e32a49440d32a553c
https://nvd.nist.gov/vuln/detail/CVE-2023-35844
https://github.com/lightdash/lightdash/pull/5090
https://github.com/lightdash/lightdash/compare/0.510.2...0.510.3